Many organizations are failing to realize the benefits of modern software delivery, such as increased velocity, increased resiliency, higher code quality, and less unplanned downtime. A successful DevSecOps transformation needs to include a philosophy that encompasses processes, practices, and a culture of continuous learning and improvement.
In 2009, the general understanding in the IT industry was that projects would run late, underperform, or simply fail, resulting in fear and resistance from business users. Despite the advancements following the Agile Manifesto, iterative development was failing to complete the “last mile” to continuous delivery.
Patrick Debois introduced the term “devops” to capture his vision for a future where developers and sysadmins would work together to deliver reliable software faster. Since then, the movement has evolved to DevSecOps—incorporating security into the culture, principles, and processes created to streamline software release cycles.
According to the State of Agile Survey, 71 percent of IT organizations have current or planned DevSecOps initiatives. In fact, Gartner predicts that 50 percent of the CIOs who have not transformed their capabilities by 2020 will be displaced from their leadership teams.
Yet despite the rapid adoption, many organizations are failing to realize the benefits of modern software delivery, such as increased velocity, increased resiliency, higher code quality, and less unplanned downtime. Through our work across industry and government, we’ve seen organizations invest heavily in DevSecOps toolchains only to replicate legacy processes. That’s because a DevSecOps solution is more than tools—it’s a philosophy that encompasses pipeline automation processes with practices that take code changes all the way through production.
The growing ecosystem of tools and vendors can make organizations lose focus on the most critical tenet of successful DevSecOps transformation: a culture of continuous learning and improvement.
The founders of DevOps envisioned a multidisciplinary approach grounded in communication, domain understanding, and passion for the underlying business. These are human characteristics that cannot be automated—they are qualities cultivated through a strategic vision, transformational leadership, and employee empowerment. The challenge is that culture change is a wicked problem; every organization consists of multiple unique cultures, and there are no right or wrong approaches to transformation.
No one has the perfect recipe for the ideal DevSecOps culture, but a century of consulting has taught us a few best practices for getting started. Step one: Develop your rallying cry for DevSecOps transformation.
Consider hosting a cross-functional retrospective to develop a common understanding of the challenges in current delivery processes. Is there an ingrained “us vs. them” mentality across your development and operations teams? Do your developers respect the value of sysadmins? It’s important to understand the problems you’re trying to solve and the experiences and beliefs that have driven your current culture when developing your DevSecOps vision.
The 2017 State of DevOps Report found that the characteristics of transformational leadership—vision, inspirational communication, intellectual stimulation, supportive leadership, and personal recognition—are highly correlated with strong IT performance. These characteristics set the tone for the organization and reinforce high-trust cultural norms.
If you’re responsible for leading a DevSecOps transformation, consider a public pledge to serve as the chief culturist. Read everything you can about DevSecOps, go to conferences, and build relationships with other leaders on the journey to modern software delivery.
Once you have a chief culturist and a resounding DevSecOps rallying cry, the next step is to assess your DevSecOps maturity level. Our Enterprise DevOps Playbook includes a maturity questionnaire with a series of questions related to seven core DevOps practices.
“You must understand where you are in the spectrum, and more importantly, what you want to get out of each practice area to drive DevSecOps adoption.”
- Jimmy Pham, Principal
Beyond these practice areas, it’s also important to determine which stakeholders will be affected by the DevSecOps implementation, and how. Clearly defining the changing policies and processes and gaining buy-in from stakeholders significantly reduces the quality and security risks of DevSecOps implementations.
If you’ve come this far, you likely have an idea of the budding change leaders within your organization. Now’s the time to identify and mobilize these influencers across functions and teams. Consider creating a community of practice or guild to assemble and empower change agents, and provide resources for training and experimentation. At Booz Allen, we provide our people with subscriptions to Udemy for on-demand training and host crowdsourcing challenges to encourage entrepreneurship. These leaders should espouse the principles of DevSecOps and help advocate and champion the transition.
In addition to IT roadmaps, we recommend designing journey maps to capture the movements that matter for your stakeholders. The journeys should include planned touchpoints to engage, train, and support each audience, including insights into what people will think or feel during each interaction.
At the individual level, these touchpoints should focus on foundational capabilities and good habits. If you roll in a dynamic continuous integration/continuous delivery pipeline that can deploy multiple times a day but you don’t have proper software configuration management, you’re basically deploying garbage faster. Defining, recognizing, and rewarding good habits such as code coverage and continuous integration are fundamental to a high-performing DevSecOps culture.
Organizations fall into the DevSecOps technology trap because they expend all their resources on the toolchain and assume that the culture and foundational practices will follow. But real-world DevSecOps failures show that investment in a clear vision, defined processes, and empowered people is critical for successful transformation.
Tackling the wicked problem with DevSecOps really comes down to stepping back and asking: what are we trying to do here, who do we need to get it done, and what is the best way to do it?