DevOps(Sec) Transformation RoadmapBecause DevOps is passé

Step 1:

Understanding and level setting expectationsStep 1:

Understanding and level setting expectationsStep 1:

Understanding and level setting expectations

Step 2:

Collaborative Preparation

Step 4:

Continuous Improvement

Conduct assessmentsFindings and opinions of organizational culture,engineerpractices, security, quality, infrastructure management, and deployment pipelines based on interviews, observations, and surveys across the organization

Culture Engineering Excellence DevOps Practices Inspect & Adapt

Set goalsMeasurable and quantifiable outcomes

ACreate a DevOps Center

of Excellence portal

DDevelop a common

language

EHelp identify, implement,

and configure supportive tools

FHelp identify,

implement, and configure tools to support DevOps

practices

GInstitute minimal

standards / quality

HEstablish the

Lightweight Agile Governance FrameworkTM

Documented expectations on

how initiatives are started, managed,

delivered, and measured

CFacilitate training,

boot camps, and workshops

BDefine new roles

to support DevOps

Step 3:

Initial Strategic Activities

Stand-up a Temporary DevOps(Sec) teamCreate a cross-functional team (methodologist, technologist, champions) to help development,

operations, and security in establishing the DevOps practices and culture across the organization.

Establish Agile engineering practicesDelivery teams collaborate to identify, document, and

champion patterns, practices, and quality minimums that helps them continually and rapidly deliver new value.

Create a cloud-based infrastructure management practice

Establish an organizational practice to support a highly scalable secure and compliant value-driven delivery process with

technologies like Infrastructure as Code (IaC), Infrastructure as a Service (IaaS), and Platform as a Service (PaaS).

Implement Continuous IntegrationEstablish a shared set of tools, practices, and quality

minimums for the Continuous Integration approach.

Implement Continuous Delivery / DeploymentEstablish a shared set of tools, practices, and quality

minimums for the Continuous Delivery / Deployment approach.

Disband the Temporary DevOps(Sec) teamDisband the team after the initial set of DevOps practices are being

practiced and the organization is mature enough with their Continuous Improvement process to continually Inspect & Adapt.

1

2

3

4

5

6

01000001 01100111 01101001 01101100 01100101

√ Retrospectives√ Experiments√ Measures√ Metrics√ Benchmarks√ Key Performance Indicator

● Architectural patterns ● Engineering practices● Quality

Development DevOpsSec Practices Operations Infrastructure ManagementConfiguration ManagementContinuousMonitoring

Iterative & Incremental DevelopmentContinuous Unit TestingContinuous Integration Testing

Static Code Analysis block

Build

Aut

omat

on

Con

tinuo

usIn

tegr

atio

n

Cont

inuou

s Deli

very

/ Dep

loym

ent

Auto

mat

edR

egre

ssio

n Te

sts

(Fun

ction

al, S

mok

e)

Secu

rity

/ Vu

lnera

bility

Testi

ng