Gene Gotimer is a senior architect at Coveros, Inc., a software company that uses agile methods to accelerate the delivery of secure, reliable software. As a consultant, Gene works with his customers to build software better, faster, and more securely by introducing agile development and DevOps practices. He has many years of experience in web-based enterprise application design, and extensive experience establishing and using development ecosystems such as continuous integration, continuous delivery, DevOps, secure software development, source code control, build management, release management, issue tracking, project planning and tracking, and a variety of software assurance tools and supporting processes. Gene feels strongly that repeatability, quality, and security are all strongly intertwined; each of them is dependent on the other two, which just makes DevOps that much more crucial to software development.
When organizations start moving to DevOps, one of the first things they focus on is automation. It makes sense: Automated deployment tools are easy to explain, and implementing them usually shows value right away. But speed isn’t the only (or even the best) reason to move to DevOps and an automated release pipeline.
Federal agencies generally have more regulation, slower processes, and a command-and-control style of bureaucracy. How does it work when trying to foster agility and implement a continuous delivery model? Gene Gotimer relates his experiences and challenges with encouraging a culture change in federal government.
The Agile Dev, Better Software & DevOps West conference was held in Las Vegas in early June. Coveros technical manager Gene Gotimer was a speaker at the event, but he also attended as a delegate, getting to experience the keynotes, sessions, Expo, and other parts of the software conference. Here are his takeaways.
In DevOps, we have a software delivery pipeline that checks, deploys, and tests every build. The goal is to produce a viable candidate for production, so we have to look at many different aspects of quality, including security. To be sure we hit all the crucial marks, we should have a definition of done for DevSecOps.
The continuous delivery pipeline should determine whether the software is a viable candidate for production. Having frequent quality gates along that pipeline that give frequent feedback about the quality of the software helps us find that answer faster. Short feedback loops ensure better product quality.