DevOps(Sec) Transformation Roadmap Because DevOps is passé Step 1: Understanding and level setting expectations Step 2: Collaborative Preparation Step 4: Continuous Improvement Conduct assessments Findings and opinions of organizational culture,engineer practices, security, quality, infrastructure management, and deployment pipelines based on interviews, observations, and surveys across the organization Culture Engineering Excellence DevOps Practices Inspect & Adapt Set goals Measurable and quantifiable outcomes A Create a DevOps Center of Excellence portal D Develop a common language E Help identify, implement, and configure supportive tools F Help identify, implement, and configure tools to support DevOps practices G Institute minimal standards / quality H Establish the Lightweight Agile Governance Framework TM Documented expectations on how initiatives are started, managed, delivered, and measured C Facilitate training, boot camps, and workshops B Define new roles to support DevOps Step 3: Initial Strategic Activities Stand-up a Temporary DevOps(Sec) team Create a cross-functional team (methodologist, technologist, champions) to help development, operations, and security in establishing the DevOps practices and culture across the organization. Establish Agile engineering practices Delivery teams collaborate to identify, document, and champion patterns, practices, and quality minimums that helps them continually and rapidly deliver new value. Create a cloud-based infrastructure management practice Establish an organizational practice to support a highly scalable secure and compliant value-driven delivery process with technologies like Infrastructure as Code (IaC), Infrastructure as a Service (IaaS), and Platform as a Service (PaaS). Implement Continuous Integration Establish a shared set of tools, practices, and quality minimums for the Continuous Integration approach. Implement Continuous Delivery / Deployment Establish a shared set of tools, practices, and quality minimums for the Continuous Delivery / Deployment approach. Disband the Temporary DevOps(Sec) team Disband the team after the initial set of DevOps practices are being practiced and the organization is mature enough with their Continuous Improvement process to continually Inspect & Adapt. 1 2 3 4 5 6 01000001 01100111 01101001 01101100 01100101 √ Retrospectives √ Experiments √ Measures √ Metrics √ Benchmarks √ Key Performance Indicator ● Architectural patterns ● Engineering practices ● Quality Development DevOpsSec Practices Operations Infrastructure Management Configuration Management Continuous Monitoring Iterative & Incremental Development Continuous Unit Testing Continuous Integration Testing Static Code Analysis block Build Automaton Continuous Integration Continuous Delivery / Deployment Automated Regression Tests (Functional, Smoke) Security / Vulnerability Testing