search menu icon-carat-right cmu-wordmark

DevSecOps Implementation in the DoD: Barriers and Enablers

April 2019 Webinar
Hasan Yasar, Eileen Wrubel, Jeff Boleng

In this webcast, panelists discuss potential enablers of and barriers to using modern software development techniques and processes in the DoD or similar segregated environments.

Publisher:

Software Engineering Institute

Watch

Abstract

Today's DoD software development and deployment is not responsive to warfighter needs. As a result, the DoD's ability to keep pace with potential adversaries is falling behind. In this webcast, panelists discuss potential enablers of and barriers to using modern software development techniques and processes in the DoD or similar segregated environments. These software development techniques and processes are as commonly known as DevSecOps.

About the Speaker

Hasan Yasar

Hasan Yasar is the technical manager of the Secure Lifecycle Solutions Group in the SEI’s CERT Division. His group focuses on software development processes and methodologies, specifically on DevOps and development, and researches advanced image analysis, cloud technologies, and big data problems. It also provides expertise and guidance to SEI's clients. Yasar has more than 25 years’ experience as senior security engineer, software engineer, software architect, and manager in all phases of secure software development and information modeling processes. He has an extensive knowledge of current software tools and techniques. He is also specializes in secure software solutions design and development in the cybersecurity domain, including data-driven investigation and collaborative incident management, network security assessment, automated, large-scale malware triage/analysis, medical records management, accounting, simulation systems, and document management. He is also an adjunct faculty member in the CMU Heinz College and Institute of Software Research where he currently teaches Software and Security and DevOps: Engineering for Deployment and Operations.

His current areas of professional interest include the following:

  • secure software development including threat modeling, risk management framework and software assurance model
  • secure DevOps process, methodologies and implementation
  • software development methodologies (Agile, Safe, DevOps)
  • cloud based application development, deployment and operations
  • software architecture, design, develop and management of large-scale enterprise systems

Eileen Wrubel

Eileen Wrubel is the technical lead for the SEI’s Agile in Government program, which works to assist the federal government in adopting lean and Agile software engineering principles. Her research efforts focus on Agile in acquisition, particularly on identifying and addressing adoption barriers in the Department of Defense (DoD) and other highly regulated settings, with special interest in sustainment and contracting issues.

In 14 years with the SEI, she has worked with a variety of DoD and federal acquisition programs, providing advice and assistance on software related issues.

Prior to joining the SEI, Eileen served in software project and program management and customer relationship management positions with firms such as Sabre, Logistics.com (now Manhattan Associates), and Akamai Technologies. She has also worked in a USAF acquisition program office, and spent 6 years in the Air National Guard as a Communications and Information Officer.

She is a certified SAFe Program Consultant and holds a BS in applied mathematics from Carnegie Mellon University and an MS in project management from the University of Wisconsin.

Jeff Boleng

Jeff Boleng is acting chief technology officer and a principal researcher at the SEI. Boleng joined the SEI in 2012 after 21 years of service as an active-duty cyber-operations officer in the U.S. Air Force. During his service, he was a member of the computer science faculty at the U.S. Air Force Academy for eight years and was honored with the Outstanding Academy Educator in Computer Science award for academic year 2007–2008. He has operational Air Force experience as a network engineer with the 1st Combat Communications Squadron, where he deployed in support of the Bosnian War, leading an intelligence software development team in U.S. Air Forces Europe, the command-and-control interoperability efforts for U.S. Forces Korea, and the net-centric integration efforts in Air Force Space Command. Additionally, he served as a flight commander and chief of maintenance in the 21st Space Communications Squadron and commanded the 21st Mission Support Squadron on Peterson Air Force Base, Colorado. In 2010 he deployed to Kabul, Afghanistan, in support of Operation Enduring Freedom as a mentor to the Computer Science Department head at the National Military Academy of Afghanistan and as a member of the International Security Assistance Force (ISAF).

 

Boleng earned PhD and master’s degrees in mathematical and computer sciences from the Colorado School of Mines and a bachelor’s degree in computer science from the U.S. Air Force Academy. He is a senior member of both the Association for Computing Machinery (ACM) and the Institute of Electrical and Electronics Engineers (IEEE).