The Department of Veterans Affairs has been going through a transformation for years, and a huge part of that centers on technology modernization and the agency’s adoption of DevOps and Agile methodologies.
On this week’s episode of Cyber Chat, Sean Kelly spoke with VA Office of Information and Technology executives Bill James, deputy assistant secretary of DevOps and Drew Myklegard, the executive director PSF. The discussion was focused on how the department’s modernization effort can lead to better cybersecurity practices.
The guests also touched on:
- differences between DevOps and Agile methodologies and what that means for the VA;
- a culture shift that takes place from training the workforce and contractors on these new processes; and
- developing software faster, better and cheaper for veterans.
Myklegard said it’s important to begin with safe and secure products that already have the proper controls in place. James chimed in saying that having security personnel present during interactions with the customer is vital as the VA steps away from a “waterfall” approach when it comes to modernization.
“We bake in security from the beginning in this DevSecOps approach, as opposed to bolted on at the end. We’re developing products at the beginning incrementally, [instead of] the add-the-waterfall methodology where you’re looking for something at the end,” James said. “So we’re engaging the customer at the beginning as opposed to pushing all the testing down to the end. So it’s a different way of thinking.”