“Federal IT shops are hungry for best practices on implementing DevSecOps, a practice and culture that has been around for years but was elevated to the surface as attention on network and access security heightened. A common refrain among agencies embracing DevSecOps is its potential to enhance cross agency communication but also customer experience and a sense of ownership around the IT security at every stage of a product’s lifecycle...” “Focusing on product also helped the General Services Administration use methodologies such as human centered design and agile development, according to Crystal Philcox, assistant commissioner for Enterprise Strategy Management in the Federal Acquisition Service. She pointed to the Office of Management and Budget’s Circular No. A-11, Section 280; and the Executive Order on Transforming Federal Customer Experience (CX) and Service Delivery to Rebuild Trust in Government from December. Philcox said that while human-centered design, CX and DevSecOps are separate they should be done together and should complement one another...” “Philcox’s organization has had success with Tiger Teams that combine developer and security staff, who sit down before product development starts, and plan how they will work together. ‘We also have a lot of, especially for between our dev and our business product owners, we have release planning – three-day release planning sessions, at least quarterly, where they run through all of the use cases that everyone is planning for the next couple of months, and that seems to keep everybody synced up and on the same page, too,’ she said...” Read the full article here. Source: ‘Don’t suffer in silence,’ federal IT leaders say on DevSecOps implementation – By Amelia Brust, April 11, 2022. Federal News Network.