DevOps, which breaks down software development silos to encourage free communication and constant collaboration, reinforces many Agile methodologies. Equally important, the Risk Management Framework, provides a clearly defined framework that helps program managers incorporate security and risk management activities into the software and systems development life cycle. In this podcast, Eileen Wrubel, technical lead for the SEI’s Agile-in-Government program leads a roundtable discussion into how Agile, DevOps, and the Risk Management Framework can work together. The panelists include Tim Chick, Will Hayes, and Hasan Yasar.
Timothy Chick is the security automation systems technical manager in the SEI’s CERT Division. Prior to joining the SEI, he worked for Naval Air Systems Command (NAVAIR), as a project manager, leading software development projects and software process improvement efforts for the E-2C Hawkeye Program. He is currently a certified Project Management Professional (PMP), Scrum Master, Product Owner, and Mentor Coach. He also holds a Lean Six Sigma Black Belt certification and was a certified CMMI-DEV and CMMI-SVC instructor. He has published numerous technical reports and by-lined technical articles in top industry publications on managing and improving software organizations.
Will Hayes is principal engineer on the Agile in Government team at the SEI. He currently supports major programs in the Department of Defense and other government agencies that acquire software from contractors applying Agile methodologies. He helps programs devise effective ways to interact with developers using these new methods, and to apply necessary due diligence (e.g., exercise oversight, report metrics and incentivize desired performance) in ways that support –rather than hinder– successful use of Agile methodologies.
Eileen Wrubel is the technical lead for the SEI’s Agile in Government program, which works to assist the federal government in adopting lean and Agile software engineering principles. Her research efforts focus on Agile in acquisition, particularly on identifying and addressing adoption barriers in the Department of Defense (DoD) and other highly regulated settings, with special interest in sustainment and contracting issues. In 14 years with the SEI, she has worked with a variety of DoD and federal acquisition programs, providing advice and assistance on software related issues.
Hasan Yasar is the technical manager of the Secure Lifecycle Solutions Group in the SEI’s CERT Division. His group focuses on software development processes and methodologies, specifically on DevOps and development, and researches advanced image analysis, cloud technologies, and big data problems. It also provides expertise and guidance to SEI's clients. Yasar has more than 25 years’ experience as senior security engineer, software engineer, software architect, and manager in all phases of secure software development and information modeling processes. He has an extensive knowledge of current software tools and techniques. He is also specializes in secure software solutions design and development in the cybersecurity domain, including data-driven investigation and collaborative incident management, network security assessment, automated, large-scale malware triage/analysis, medical records management, accounting, simulation systems, and document management. He is also an adjunct faculty member in the CMU Heinz College and Institute of Software Research where he currently teaches Software and Security and DevOps: Engineering for Deployment and Operations.