Unlimited. 14-0391ii Executive Summary The Department of Defense (DoD) needs an acquisition framework for information technology (IT) that can keep pace with rapidly changing technologies and operations time to employ. This guide is intended to show how the DoD could tailor the Defense Acquisition Framework to benefit from Agile development best practices. To succeed with an Agile approach, program managers (DoD) program managers and executives have struggled for years to tailor the Defense Acquisition Framework to promote delivery of information technology (IT) capabilities in small, frequent releases – the

and Solving Problems a. Fact – Things will go wrong in Operations! i. 2001 Microsoft Operation Framework study found the best-performing organization were better at diagnosing & fixing service incidents and are subsequently transmitted to receiving equipment for monitoring 1. Create telemetry in application & environments (to include production, pre-production, and CD pipeline) iii. Ian Malpass, Etsy what’s up or down. ii. Modern Monitoring architecture 1. Data Collection at business logic, application, & environments layer a. Events, logs, & metrics b. Common service to centralize, rotate, and

through Agile 2 Nick Tuck Maximizing Retrospectives 2 Ray Page Open Agile Topics 0 Jason Beranek Application Transparency 0 Ed Snodgrass Awesomeness through Stable Teams 0 Mike Ballou Open Discussion on Agile Transparency 1 Nick Wenner Clean Code - Book Overview 2 Kyle Baardson SAFe: Scaled Agile Framework 3 Brandon McAllister Automation 2 Eric Collins The Servant: Agile Book Club 1 Ron Horner Kanban Story Points 4 Jason Wohlgemuth Agile Front-end Automation 4 Kyle Baardson SAFe: Scaled Agile Framework 3 Josh Sagucio Collaborative Work Environments 3 Nick Tuck Assuring Quality 3 Josh Wade Cyber

providing application/infrastructure stacks that are pre- approved and appropriately configured and secured. f. INTEGRATE SECURITY INTO OUR DEPLOYMENT PIPELINE i. Hardening the application after development pipeline iii. Enable fast feedback on potentially insecure changes g. ENSURE SECURITY OF THE APPLICATION i. Focus on the sad paths or bad paths to effectively address QA, Infosec and related concerns Created platform addressing bulk of compliance concerns driven by ATO requirements 2. Automating framework for generation of system security plans j. INTEGRATE INFORMATION SECURITY INTO PRODUCTION TELEMETRY

Maximizing Retrospectives Ray Page Open Agile Topics Apr 2014 Jason Beranek Application Transparency Ed Snodgrass Awesomeness through Stable Teams Mike Ballou Open Discussion Agile Transparency Nick Wenner Clean Code - Book Overview Kyle Baardson SAFe': Scaled Agile Framework Brandon MCcAllister Automation Sep 2014 Eric Collins The Servant: Agile Book

as we try to become Agile. This frame of reference includes the notions of project, systems, application, investment, architecture, skill set, and accountability. We have, to be honest, made a jumble requirements: it should be an objective, an envisioned outcome that would add business value.  The best framework I have found for working with desired outcomes as requirements is Gojko Adzic’s Impact Mapping:

A model tries to represent reality Framework is a way of looking at reality Not a modelCategorization Frameworks Categorization Frameworks - the framework proceeds the data • Put the data in exploitation; not for exploration & change Sense-making Frameworks Sense-making framework - the data proceeds the framework • Capture the data • Patterns emerge from the data • Provides context and

scaledagileframework.com  SAFe in 7 minutes - https://www.youtube.com/watch?v=RXzurBazN-I Scaled Agile Framework (SAFe): Dean Leffingwell - Agile Software Requirements: Lean Requirements for Teams Programs and

Major contributing cause of issues stems from releases representing the first time we see how an application behaves in a production-like environment ii. Don’t just document the environment specifications the value stream iii. Everything, everything, everything is checked into version control 1. Application code & dependencies 2. Environment scripts & creation tools 3. DB scripts and reference data 4. Containers 5. Automated tests 6. Project artifacts – documentation, procedures, etc. 7. Application configuration files 8. This also includes pre-production and build processes 9. Tools iv. 2014

vs BROWNFIELD SERVICES i. DevOps is not just for Greenfield ii. Important Predictor – Is the application architected (or could be re- architected) for testability and deployability? iii. Successful Brownfield mainframe and supporting applications a. They 2X release frequency b. Resulted in increased application reliability c. Reduced deployment lead time from 2 weeks to <1 day 2. Etsy a. “Barely survived the business; defines functionality ii. Development - the team responsible for developing the application iii. QA – team responsible for ensuring feedback loop exists to ensure functions as desired