One of the issues we see is programs trying going straight to the scaled agile development framework, like SAFe. We issued a memo highly discouraging programs from using SAFe and others. Most programs are stuck in waterfall or water-agile-fall. So you don’t just start day one with the hardest framework. First, you need to adopt agile and scrum and kanban and all that at scale and across the program. That’s not just the development teams, but the contracting, program management, how you report to leadership without EVM — that’s earned value management — the whole thing moving to an agile mindset. You can’t scale if you don’t have the basics right. So make sure you have 2 or 3 years of doing scrum and doing it at scale…
SAFe was really created before DevSecOps. When it comes to DevSecOps teams and moving to microservices and breaking the application into smaller code base using domain driven design… yes, this is something you can use for weapon systems, business systems, cyber offense/defense, it’s a best practice to build modular software regardless of the software. There’s no excuse, there’s no special use case in DOD that will not enable us to use microservices and modern software development capabilities.
Keep in mind that once you start de-coupling your teams, there’s really little interaction needed between the teams. The whole point of a service mesh is to avoid sharing libraries and sharing information across teams. And so it’s been critical for us to show that the service mesh… removes the coordination across teams.
The only big aspect of code that’s always something you need to think about is the product owners of each team need to collaborate and really need to understand the end user and the mission of the program itself so they don’t build stuff in a vacuum. But that’s very different. That’s a scrum of scrums model that’s a product owner team that collaborate and share from the user and from stakeholders to define what has to be built.
That was the excellent Nicholas Chaillan, the Air Force’s chief software officer, in a great presentation and Q&A. [UPDATE: video was removed, you can access the slides here and see the full list of Ask Me Anything here.] Listen to the whole thing. I think the programming and financial management communities needs to think hard about how this affects their processes, particularly considering investments into enterprise tools, approval timelines, and how overlapping/modular developments fit into program line items.
How acquisition program management adjusts to DevSecOps developments is one of the key challenges the Air Force acquisition corps faces. AFIT is working with Mr. Chaillan to provide appropriate education and training opportunities.
Could you please update the presentation URL, it think it expired. Thanks
Video seems to have been removed. The slides are available at the following link, along with tons of other documents, videos, and training from the AF Chief Software Officer: https://software.af.mil/dsop/documents/