WSA 001 DEVSECOPS for the DoD: Fundamentals

DAU Courses

iCatalog Home WSA 001 DEVSECOPS for the DoD: Fundamentals
(Last Modified:04-Aug-2020)


This service-tailorable “DevSecOps for the DoD” foundations workshop provides an overview of how DevSecOps assists DoD organizations transition from existing policies, processes and procedures into a more efficient, effective and automated process using secure, reliable, and rapid software development, delivery, and deployment.

It facilitates introductions to DoD DSO frameworks such as DoD DevSecOps Platform (DSOP) and Navy’s Compile to Combat in 24 Hours (C2C24) DSO framework; successful security approaches that support continuous ATO (cATO) (pioneered by Army leadership); and DoD Enterprise Services (e.g., Air Force Platform One and Navy’s Agile Core Services). These frameworks and approaches enable PEOs to deliver capabilities securely, reliably, and rapidly to the Warfighter in potentially hours.

This workshop covers the “Why,” the “What,” and the “How” in a flow that explains the foundational blocks of DoD DSO implementation. During this offering, Full-Stack DSO Engineers and industry practitioners provide a live, hands-on DSO pipeline demonstration showing how Test Driven Development (TDD), Continuous Integration (CI), and Continuous Delivery and Deployment (CD) enables (a) DoD’s strategy to Shift Left and (b) the rapid delivery of valuable capabilities (via software) to the Warfighter at the speed of relevance.

The critical performance behaviors that the participants can apply in the workplace include:
  • Begin leading needed changes to initiate modern software practices.
  • Conversant in tech literacy and the key aspects of DSO.
  • Participants study real-world examples (such as Joint Improvised-Threat Defeat Office and Kessel Run). Participants identify their top needs to implement DSO such as leading change of the "frozen middle" and overcoming a risk averse culture. As a group, the participants discuss how to overcome these barriers, and commit to specific behaviors they would implement/lead upon return to home station.
  • Objectives
    Define how DevSecOps can be incorporated in the Department of Defense (DoD)
    1. Identify the benefits that DevSecOps offers the Department of Defense (DoD).
  • Describe why DoD is adopting DevSecOps (DSO) as its preferred software development approach that enables DoD’s strategy and its new Software Acquisition Pathway Policy
    2. Identify the theory and principles of DevSecOps
  • Identify what DSO is – the People, Processes and Technologies needed to perform DSO
  • Identify realistic techniques and tools used in modern software delivery to rapidly and securely create, test, and deliver new software features
  • Identify the key DSO metrics used to manage and monitor software development and operations
  • Analyze the challenges in adopting DSO, true Risk Management Framework (RMF), cATO; and leading change in DoD
    3. Identify the process of applying DevSecOps
  • Recognize key features of modern software development practices (e.g., Modern Architecture, Containers, Container Orchestration, Microservices, Lean Startup, Design Thinking)
  • Analyze unmet user needs and compare options for a Minimum Viable Product (MVP) to provide functional capabilities to a mission
  • Experience a live demo of delivering containerized software through the DSO CI/CD pipeline and its benefits: includes demo of Infrastructure as Code; Code Review & Merge; Automated build/scanning/testing/release
    4. Assess the Software Development Platforms currently utilized by DevSecOps
  • Recognize Service DSO approaches and enterprise services
    5. Identify ways to incorporate DevSecOps in your organization
  • Describe an effective DSO stakeholder engagement strategy and transformation process
  • Establish a strategy for specific, immediate actions and improvement toward DSO implementation
  • Target Attendees
    This workshop suitable for a variety of personnel:
  • Technical and non-technical DoD acquisition workforce members
  • Those not familiar with modern software development delivery methodologies, practices and principles
  • Foundational for all ACQ career fields (e.g. PM, ENG, T&E, Cyber, LOG, CON/FM)
  • Ideal cohort brings together diverse (government/contractor) members of the program team including developers, security, IT operations, and program management
  • Prerequisite(s)
    Recommended prerequisites: CLE 075, CLE 076, ACQ 1700, WSA 004
    Predecessor Course(s) (Acceptable as a substitute for this course until the acceptance date specified below.)
    Predecessor Predecessor Course Title PDS Code Accepted Until
    None None None None
    Course Length
    2-days classroom; 3-days virtual classroom
    Additional Course Information
    Delivery Mode Workshop
    Equivalent Courses None
    ACE Recommended Credits N/A
    PDS Code  
    DAU Public (material/prework) N/A
    Continuing Education Units   0
    Continuous Learning Points  21
    Reservist Retirement Points  
    Historical Allocations Mouse Over for Past CEU/CLPs
  • Tailored, virtual instruction delivered upon request.
  • Fee-For-Service (FFS) arrangements may be required.
  • Non-FFS offerings available for registration through the DAU Virtual Campus