Perspectives

Delivering Cyber Solutions that Produce Mission Success

Key Elements for Achieving True Cultural Change

Agencies across the federal government have come to recognize that the only way to keep pace with today’s cyber threat actors is by rapidly implementing and continuously updating the latest and most adaptable cyber capabilities. Modern approaches such as Scaled Agile Framework® (SAFe®) and DevSecOps can help agencies achieve this goal. These frameworks allow teams to work towards a common goal by shortening the lead time to delivering capabilities and helping respond faster to changes. By applying these frameworks, organizations are able to rapidly provide cyber analysts with the new and enhanced capabilities needed to evaluate anomalies, recognize potential intrusions, and gain the insights necessary to inform effective decision making. As agencies make the transformational shift to these new frameworks, and as they continue to move operations and data to the cloud, many will need a partner to help guide and support them on their journey.

Elements of a Successful SAFe® Agile DevSecOps Implementation

Our experience supporting government agencies has revealed that a successful SAFe® Agile DevSecOps implementation depends on three key elements:

Culture

Challenge

It’s not enough to simply stamp processes with new terminology. All parties involved must have a clear grasp of the principles and framework underlying the solution. It is also essential that all government and vendor personnel have a clear understanding of their specific roles and responsibilities.

Our Solution

Our hands-on strategy helps to ensure that the habits and principles instilled facilitate a cultural change that fosters a fully integrated team working in unison toward a shared goal. We want our operations teams and DevSecOps teams working together so that they share a common vision and set of desired outcomes that drives development of the right capabilities for the end user.

Operations

Challenge

A successful solution relies on more than just developing new tools and throwing them over the fence to operations. Rigorous non-functional requirements to meet security and accessibility standards are necessary to ensure that the tools developed truly meet the needs of the end users, and each tool must be properly integrated and tuned to ensure optimal effectiveness. In addition, effective governance must be built in at the foundation.

Our Solution

Booz Allen’s strategy is built on a set of adaptable and repeatable processes for efficiently and effectively developing, integrating, and managing new tools and capabilities. We bring all parties to the table as early as possible, involving end users from the beginning to thoroughly document their requirements and understand their priorities. We demo new tools for operations and maintenance (O&M) teams, provide all the resources needed for implementation, and serve as a guiding resource throughout the deployment process to ensure ongoing success.

Resources

Challenge

Government agencies will need the support of reliable partners to help them through this transition. Such partners must be capable of providing personnel who have the needed skillsets, qualifications, and clearances to meet the mission. Solution providers should also have established partnerships with all the major players in the field and a demonstrated commitment to making the necessary investments to keep up with the latest technologies, as well as cyber products and tools enriched by threat intelligence to mitigate vulnerabilities, identify threat actors, and create analysis capabilities.

Our Solution

We have a deep bench of experienced and certified personnel trained in agile thinking and practices, including SAFe® Agilists (SA), SAFe Program Consultants (SPC), Certified Scrum Masters, Project Management Institute Agile Certified Practitioners (PMI-ACP), ICAgile Certified Professionals (ICP), and ICAgile Coaches. We also have a number of facilities specifically focused on emerging technologies and addressing technology gaps between commercially available products and the advanced tech necessary to combat the most advanced threat actors. These include our DarkLabs, AI Adoption Studio within The Helix, 5G Lab, Malware Lab, and Software Studio. Finally, we have established relationships with a range of highly qualified organizations through the Booz Allen Partner Network, which includes programs for commercial partners, public-sector organizations, small businesses, and tech startups.

A Winning Solution

Booz Allen has a proven track record, scalable strategy and the resources needed to provide government agencies with a solid foundation in all three key areas for success.

Perspectives

Developing a Hyper-Adaptable Mission Systems Framework

See how Booz Allen is helping federal agencies meet cyber challenges when securing national infrastructure. Read More

Perspectives

Serving Those who Serve our Country: Helping the VA Meet the Needs of Veterans and Their Families

When the U.S. Department of Veterans Affairs (VA) sought to undertake a substantial modernization of its Benefits Integration Platform (BIP)—the cloud-based platform nerve center that coordinates all applications and software packages throughout the agency’s claims processing infrastructure—Booz Allen proposed implementing a SAFe® Agile DevSecOps capability. The number of affected individuals is estimated to be as high as 90,000. We have subsequently developed and operated a robust change management process in coordination with the Office of Information Technology (OIT) and the Office of Business Improvement (OBI), including modernized intake, requirements gathering, agile development, and a DevSecOps pipeline for VA. We achieved one of the first and the largest SAFe® implementations at the agency, followed by the model they’re now using for product line management and their DevSecOps processes for instrumentation, monitoring, and operations.

As part of enabling BIP, we also helped VA lift and shift some large products into the cloud (migrating over 1.3PB of data) and developed a platform to share services between systems. New software applications can now be swiftly developed and immediately put to work addressing issues as they arise, and the standard data required to handle claims is readily available through shared application programming interfaces (API). Booz Allen consultants also established a specialized talent pool of software architects, cloud engineers, and business subject matter experts to allow support teams to be spun up rapidly and provide the ability to shift and prioritize new requests, making the system much more responsive to changes in legislation and veterans’ needs.

Our efforts at the VA had a swift and substantial operational impact, enabling 290 production deployments within 3 months. We achieved 75% reuse of common enterprise services and reduced the time for deployment to the environment’s configuration to 10 minutes. Once operational, our solution averaged just 11 days for production resolution of Critical/High defects and 16.5 days for Medium/Low defects, easily beating the SLA targets of 30 and 60 days, respectively. And these operational efficiencies were also reflected in financial savings, leading to a 79% reduction in infrastructure costs for VA.

A Foundation for Success

Any number of companies can propose solutions based upon the latest technologies. What sets Booz Allen apart is our proven experience implementing cutting-edge capabilities at enterprise scale in support of the largest federal, defense, and intelligence environments. We recognize that properly implementing SAFe® Agile DevSecOps is a true transformation, requiring careful planning, long-term commitment, and a willingness to embrace change. So we approach this journey from an organizational change perspective. Our focus on value creation and customer-centric delivery—rather than just product development—fosters the culture change needed to realize the full benefits of this powerful solution.