Top 10 DevSecOps Events for Government in 2026

As Federal, State and Local agencies accelerate their modernization initiatives, DevSecOps has evolved from an emerging practice to a mission-critical capability. Integrating security at the speed of development is a foundational requirement for agencies seeking to deliver innovative services while maintaining rigorous compliance and protecting sensitive data. 探花视频., The Trusted Government IT Solutions Provider®, has been at the forefront of this transformation, serving as the central hub connecting Government agencies with the industry’s leading DevSecOps solutions, platforms and expertise. Through our extensive partner ecosystem and Government contract vehicles, we enable Public Sector organizations to operationalize secure software delivery at scale. The events below represent essential opportunities for Government IT leaders, developers, security professionals and acquisition teams to explore cutting-edge DevSecOps methodologies, connect with mission-focused innovators and gain actionable insights that can be immediately applied to their agency’s secure delivery transformation.

March 23-26 | San Francisco, CA | In-Person Event 

In 2026, the theme “The Power of Community” underscores that effective DevSecOps is a collaborative effort between people, processes and technology. As Government agencies work to meet modern mandates, integrating security at the speed of development is now a mission requirement. The RSA Conference provides a vital forum for Public Sector professionals to explore how automation, artificial intelligence (AI) and community-driven innovation can secure the software supply chain and accelerate digital transformation.  

Sessions to look out for: 

  • How to Secure Containerized Applications from Supply Chain Attacks 
  • Chainloop: Inside Modern Software Factory: Why Bolted-On Security Fails in the AI Era 
  • Techstrong Seminar: AI NativeDev and the Next Evolution of DevSecOps 

探花视频 serves as the central hub for the Public Sector community at RSA, beginning with the 13th Annual RSA Public Sector Day on Monday, March 23rd. Sessions will focus on FedRAMP cloud architectures, Cybersecurity Maturity Model Certification (CMMC) compliance and modernizing state cyber defenses. We invite our partners and Government customers to join us at this dedicated forum to discuss mission-specific challenges and network with the leaders shaping the future of Public Sector security. To facilitate cross-agency networking, 探花视频 will host our signature Public Sector Reception on Tuesday evening, March 24th, providing a dedicated venue for Federal, State and Local officials to connect with peers and explore tailored solutions for their specific mission requirements. 

April 8-10 | McLean, VA | In-Person Event 

This event serves as a dedicated gathering for IT, DevSecOps, cloud and application delivery professionals in the Government community. Hosted by F5, the symposium brings together Public Sector leaders, solution architects, engineers and ecosystem partners to explore strategies for securing, scaling and optimizing modern applications, Application Programming Interfaces (APIs), hybrid networking and cloud environments. Attendees will experience hands-on labs, customer success stories and deep-dive sessions led by F5 experts that cover topics such as AI-driven application protection, hybrid multicloud networking, Zero Trust strategies and modernizing legacy systems. This symposium provides Government professionals with the opportunity to sharpen technical skills, engage with real-world use cases and connect with a community focused on advancing mission outcomes through secure, high-performing application infrastructure.

探花视频 is proud to serve as the host sponsor of F5 Public Sector Symposium 2026, bringing together Government IT, DevSecOps, networking, cloud and application delivery professionals with the experts and technologies that enable mission success. As F5’s trusted Public Sector distributor and a long-standing partner, 探花视频 connects Federal, State and Local agencies with F5 solutions that secure, scale and optimize application delivery across hybrid and multicloud environments. Attendees are encouraged to visit 探花视频 and our ecosystem of partners on the symposium floor to explore Government-ready tools, engage with technical demonstrations and discuss how secure delivery practices can be operationalized within agency programs. 

May 5-7 | Anaheim, CA | In-Person Event 

This conference brings together the global community of practitioners and leaders at the Anaheim Convention Center to explore the future of modern teamwork. For DevSecOps professionals, this conference is a vital touchpoint for learning how to bake security and compliance directly into the developer experience. As agencies scale their collaborative environments, this conference highlights the tools and methodologies needed to bridge the gap between building software and maintaining a rigorous security posture. Attendees can expect interactive learning sessions with hands-on guided exercises, demos, best practices and Q&A with Atlassian product experts designed to deepen practical knowledge on agile planning, workflow automation and modern delivery practices, as well as breakout sessions and panels on scalable teamwork exploring how teams solve real-world challenges with Atlassian tools. 

探花视频 serves as the primary Government aggregator for Atlassian’s full suite of collaboration, agile and development tools, enabling Public Sector organizations to modernize teamwork and software delivery practices. Through our dedicated Atlassian team, 探花视频 works closely with Federal, State and Local agencies to streamline access to Atlassian solutions via a wide range of Government contract vehicles, helping agencies maximize the value of their Atlassian investments highlighted at Team ’26.

May 11-14 | Atlanta, GA | In-Person Event 

Registration for Red Hat Summit 2026 is now live. The event will convene thought leaders, practitioners and IT pioneers to explore innovations in DevSecOps, AI, hybrid cloud, automation and emerging technologies. For Public Sector agencies, this event is the premier destination to learn how to operationalize DevSecOps through hybrid cloud and automation. The 2026 agenda is built around providing technical depth and “beyond the basics” insights to help agencies maximize their investments in secure, scalable infrastructure. Key areas of focus will include application of Red Hat Technologies, AI and emerging tech, community and team innovation and development best practices. 

As a continued sponsor for 2026, 探花视频 will host a 10×10 exhibit in the expo hall. Public Sector attendees can connect with 探花视频’s Red Hat team throughout the week to explore how open source, hybrid cloud and secure platforms are enabling modernization across their agencies. Planning to attend? Contact the Red Hat team at redhatmarketing@carahsoft.com for strategies to support your IT initiatives and make the most of your time onsite. 

May 14 | Washington, D.C. | In-Person Event 

This symposium brings together Government leaders, technologists and mission-focused innovators to explore how emerging software capabilities can be securely delivered to the warfighter at speed and scale. Through expert-led discussions, real-world use cases and collaborative conversations, this symposium highlights how Government and industry can work together to accelerate outcomes while maintaining compliance, security and mission alignment. This event serves as a critical forum for defense and civilian agencies seeking to understand how modern DevSecOps practices can support national security objectives and operational readiness. 

探花视频 is proud to serve as a sponsor of this event, supporting meaningful collaboration between Government and industry to advance mission-ready software solutions for the Department of War (DoW) and Federal agencies. As a leading aggregator of innovative DevSecOps technologies for the Public Sector, 探花视频 connects defense and civilian agencies with the platforms, tools and expertise needed to accelerate secure software delivery in mission-critical environments. We encourage Government attendees to engage with 探花视频 representatives and our ecosystem of partners at the symposium to explore how our Government contract vehicles and technical expertise can help operationalize the secure delivery practices and emerging capabilities discussed throughout the event. 

June 1-5 | San Diego, CA | Hybrid Event  

This premier global conference series brings together IT professionals, software engineers, cloud architects and DevSecOps practitioners to explore the forefront of modern software delivery. Attendees will gain deep insights into DevSecOps best practices, Continuous Integration/Continuous Delivery (CI/CD), cloud and Kubernetes adoption, platform engineering, observability and automation workflows through expert-led sessions, hands-on workshops, bootcamps and interactive learning experiences. With tracks covering DevSecOps and cloud security, CI/CD pipeline optimization, Kubernetes ecosystem advancements and leadership strategies for scaling DevOps in enterprise environments, this conference equips Public Sector and industry teams with the knowledge needed to accelerate secure software delivery and operational excellence.  

Sessions to look out for: 

  • From Perimeter Security to Continuous Trust: Practical DevSecOps for Cloud-Native Platforms 
  • CI/CD Workshop: From Zero to Continuous Integration and Continuous Delivery 
  • AI-Driven Observability for Reliable Kubernetes Systems: From Incidents to Self-Healing Infrastructure 

Through our deep relationships with DevSecOps technology partners and solutions providers that participate in DevOpsCon, 探花视频 helps Public Sector agencies engage with the latest methodologies in CI/CD automation, Kubernetes orchestration, cloud-native security and platform engineering. Our extensive partner ecosystem and contract vehicles make it easier for Government IT leaders to adopt the innovations showcased at DevOpsCon and accelerate their secure delivery transformations. 

July 28 | Reston, VA | In-Person Event 

探花视频 is excited to announce the fourth annual DevSecOps Conference, an in-person forum dedicated to advancing secure software delivery across the Public Sector. As Government agencies continue to modernize their digital infrastructure, this event serves as a critical meeting point for Government leaders, systems integrators and industry thought leaders to discuss the latest updates in the evolving DevSecOps landscape. By bringing together diverse perspectives, this conference ensures that agencies are equipped to implement security and compliance at every stage of the development lifecycle. Attendees will benefit from a full day of keynote addresses, panel discussions, lightning rounds and networking opportunities focused on mission-critical DevSecOps topics, including secure automation pipelines, DevSecOps and AI integration, cloud security and compliance and cross-agency software delivery transformation. The program will feature a robust agenda of supporting panels and technical sessions designed to provide attendees with a comprehensive look at modern software development, from exploring cloud-native architectures to refining CI/CD pipelines. 

探花视频 proudly hosts the DevSecOps Conference 2026 as a signature event designed specifically for the Government DevSecOps community. As the premier Government IT solutions provider and trusted aggregator for DevSecOps technology partners, 探花视频 convenes Public Sector leaders, industry specialists and integrators to share insights, explore innovations and advance secure software delivery practices. Through this conference, 探花视频 showcases the breadth of capabilities available through our partner ecosystem and contract vehicles, helping agencies accelerate their DevSecOps journeys and operationalize secure, scalable software development across mission environments. Check out our event site closer to the date for more information. If you are a vendor interested in sponsorship opportunities, please reach out to us at DevSecOpsMarketing@探花视频.com. 

August 1-6 | Las Vegas, NV | In-Person Event 

Black Hat USA 2026 remains the world’s leading stage for cutting-edge information security research and highly technical training. For DevSecOps professionals, this event is vital for maintaining the integrity of the Software Factory against emerging vulnerabilities. While many events focus on building and deploying applications, Black Hat offers a unique “hacker’s eye view,” enabling Public Sector attendees to better identify, understand and remediate risks across CI/CD pipelines and cloud-native environments before they can be exploited. Attendees can expect hands-on security trainings for developers and engineers, technical briefings on application, cloud and infrastructure security and Arsenal tool demonstrations.

Throughout Black Hat week, 探花视频 brings together members of the Government community and industry partners to foster collaboration and knowledge sharing. A major highlight for the Government community is the 探花视频 Public Sector Reception held on Wednesday, August 5th. This exclusive event provides a dedicated venue for Federal, State and Local officials to network with industry peers and discuss how to apply the conference’s research findings to their specific mission requirements. 

October 15 | Online Event 

Conf42 DevSecOps 2026 is a free, online conference dedicated to advancing secure software delivery practices. It brings together DevSecOps practitioners, engineers and security advocates from around the world to share practical insights and technical lessons learned across cloud security, automation, CI/CD pipeline practices, governance, identity management and vulnerability remediation. The event is designed for anyone involved in balancing speed and safety in modern DevSecOps workflows and emphasizes community-driven, thoughtful content over sales-focused presentations. Last year’s highlights included thoughtful DevSecOps keynotes and talks featuring expert insights on embedding security into development pipelines, practical technical content across tracks spanning AI, cloud, infrastructure, security and transformation and community and industry perspectives showcasing real-world examples from practitioners in diverse environments. 

探花视频 recognizes Conf42 DevSecOps 2026 as an accessible and valuable virtual forum for Government DevSecOps professionals to engage with a global community focused on secure software delivery at scale. Through our broad partner ecosystem, 探花视频 enables Public Sector teams to connect with expert insights and community-led innovation showcased at Conf42. Government attendees can leverage these engagements and 探花视频’s Government contract offerings to adopt, implement and scale DevSecOps practices within their mission environments. 

October 19-22 | Orlando, FL | In-Person Event 

The Gartner IT Symposium/Xpo is one of the most influential global conferences for Chief Information Officers (CIOs), senior IT executives and technology leaders shaping enterprise and Government IT strategy. The North America event convenes thousands of attendees each year to explore Gartner’s latest research, frameworks and guidance across digital transformation, cloud adoption, cybersecurity, AI, data and modern software delivery. For Public Sector DevSecOps leaders, this symposium provides strategic insight into how secure software development, platform engineering and cloud-native practices align with broader agency modernization goals. Attendees gain executive-level perspectives on scaling technology initiatives, managing risk and operationalizing innovation across complex environments, making the event particularly valuable for leaders responsible for Software Factories and enterprise DevSecOps programs.  

探花视频 highlights Gartner IT Symposium/Xpo 2026 as a strategic forum for Government technology and DevSecOps leaders to connect with research-driven insights and hands-on solution innovation. With a broad ecosystem of 探花视频 partners sponsoring, exhibiting and presenting across the IT Xpo, Government attendees will have the opportunity to engage with technologies that support secure collaboration, cloud modernization, automation, threat-aware delivery and scalable software engineering. 探花视频’s Government contract vehicles and expert partner network make it easier for Public Sector agencies to adopt and operationalize the solutions and strategic guidance featured throughout the week. 

November 2-6 | San Francisco, CA | In-Person Event 

OWASP Global AppSec USA 2026 is the flagship U.S. conference hosted by the Open Web Application Security Project (OWASP). This multi-day event brings together application security professionals, developers, researchers and DevSecOps practitioners to explore the latest strategies, tools and community-driven innovations that improve software safety and secure development practices. Attendees can engage with leading experts, participate in technical workshops, explore the latest open source security tools and collaborate with peers on addressing critical application security challenges. 

探花视频 highlights OWASP Global AppSec USA 2026 as a must-attend event for Government DevSecOps and secure development teams because it brings together the leading community, open source project maintainers and solution providers shaping modern application security practices. With an active roster of 探花视频 partners sponsoring and exhibiting on the expo floor, Government attendees can explore hands-on demos, engage in technical discussions and discover tools that help integrate security throughout the software delivery lifecycle. Through 探花视频’s ecosystem and Government contract vehicles, agencies can more easily adopt and operationalize the innovative AppSec solutions and insights featured at Global AppSec. 

November 9-12 | Salt Lake City, UT | In-Person Event 

This event remains the premier gathering for Kubernetes and cloud-native practitioners across the global open source ecosystem. Hosted by the Cloud Native Computing Foundation (CNCF), this multi-day conference brings together thousands of developers, Site Reliability Engineers (SREs), platform engineers and DevSecOps professionals to share real-world learnings, explore emerging technologies and collaborate on advancing secure, scalable cloud-native application delivery and operations. Attendees will benefit from deep-dive technical talks, maintainer-led breakout sessions, lightning talks, co-located project days and hands-on workshops focused on Kubernetes, microservices, observability, CI/CD, automation and cloud-native security. Last year’s highlights included hands-on trainings and workshops providing practical, instructor-led learning opportunities focused on Kubernetes operations, technical breakouts and maintainer-led talks showcasing the latest advancements across the CNCF ecosystem and the Project Pavilion and Expo Hall serving as a central hub for collaboration. 

探花视频 encourages Government DevSecOps and cloud engineering teams to engage with our extensive ecosystem of cloud-native and DevSecOps partners exhibiting and sponsoring KubeCon + CloudNativeCon North America 2026. Across the expo floor, 探花视频 partners will showcase solutions that support Kubernetes security, containerized application delivery, observability, CI/CD automation and platform engineering. By connecting with these partners onsite, Public Sector attendees can explore how trusted, Government-ready technologies within the CNCF ecosystem can help modernize and secure cloud-native environments. 

As DevSecOps continues to mature across the Public Sector, these events represent essential opportunities for Government IT leaders, developers, security professionals and acquisition teams to stay at the forefront of secure software delivery innovation. From hands-on technical workshops to strategic executive briefings, each gathering offers unique value tailored to different aspects of the DevSecOps journey. Whether you are just beginning to build out your software factory, refining CI/CD pipelines or leading enterprise-wide DevSecOps transformation, these events provide the insights, connections and solutions needed to advance your agency’s mission. 探花视频 is committed to supporting the Government DevSecOps community through our extensive partner ecosystem, Government contract vehicles and active participation at each of these events. We encourage you to attend, engage and leverage these opportunities to accelerate your secure delivery capabilities. 

To learn more or get involved in any of the above events, please contact us at DevSecOpsMarketing@探花视频.com 

For more information on 探花视频 and our industry-leading DevSecOps technology partners and events, visit our DevSecOps solutions portfolio. 

Removing Complexity from Compliance: Buoyant and TestifySec

Traditionally, achieving an Authorization to Operate (ATO) has been a grueling marathon. It often demands expensive consulting fees, lengthy manual documentation and no clear visibility into where your architecture actually stands against NIST 800-53 requirements. For organizations running cloud-native architectures on Kubernetes, this complexity is magnified. You aren’t just securing a perimeter; you’re securing hundreds of microservices communicating in real-time.

and are changing that narrative. By combining technology with we are helping organizations and agencies shrink compliance timelines with cryptographic proof at every step.

How to meet NIST 800-53 requirements?

To sell to Government agencies or to operate within them, you need a secure product and proof of that security. Compliance frameworks like and both rely on the NIST 800-53 control catalog. They require both the technical implementation of security controls and verifiable evidence that validates them.

The partnership between Buoyant and TestifySec helps alleviate the resources needed to implement these controls through:

  • The Technical Foundation (Buoyant): Buoyant Enterprise for Linkerd provides automatic mutual TLS (mTLS) encryption for all service-to-service communication. Additionally, it uses , satisfying strict Federal requirements for data in transit, and provides a FIPS dashboard to simplify the auditing process.
  • The Compliance Automation Layer (TestifySec): Even with encryption in place, proving it to auditors can take months. TestifySec automates this by capturing cryptographically-signed attestations directly from CI/CD pipelines, including evidence of Linkerd’s encryption configurations. These attestations map to controls and generate System Security Plans (SSPs) in OSCAL format, replacing manual screenshots and developer surveys with tamper-evident proof.

Why are Buoyant and TestifySec better together?

Whether you are a software vendor seeking FedRAMP authorization or a Federal agency modernizing under FISMA guidelines, this partnership offers three distinct advantages:

  1. Velocity Without Friction: Linkerd provides automatic mTLS for all in-cluster traffic, covering both the control plane and data plane without requiring changes to application code. TestifySec captures attestations for these configurations automatically, with no screenshots or developer surveys required.
  2. Continuous Compliance: Compliance isn’t a “one and done” event. TestifySec provides ongoing validation and automated reporting alongside Linkerd’s FIPS dashboard that offers real-time proof of encryption and readily available CMVP numbers for auditors.
  3. Simplified Procurement: Both Buoyant and TestifySec are available through 探花视频, making it easier to leverage existing contract vehicles to acquire the full solution and removing red tape from the purchasing process.

 

The shift to Kubernetes shouldn’t be a compliance hurdle. By combining the world’s fastest, lightest FIPS-validated service mesh with pipeline-native compliance automation, Buoyant and TestifySec are making the Federal market accessible to the next generation of innovators and helping agencies secure their missions faster.

Learn more about FIPS-validated with Buoyant and the

探花视频. is The Trusted Government IT Solutions Provider, supporting Public Sector organizations across Federal, State and Local Government agencies and Education and Healthcare markets. As the Master Government Aggregator for our vendor partners, including Buoyant, we deliver solutions for Geospatial, Cybersecurity, MultiCloud, DevSecOps, Artificial Intelligence, Customer Experience and Engagement, Open Source and more. Working with resellers, systems integrators and consultants, our sales and marketing teams provide industry leading IT products, services and training through hundreds of contract vehicles. Explore the 探花视频 Blog to learn more about the latest trends in Government technology markets and solutions, as well as 探花视频’s ecosystem of partner thought-leaders.

The Top 10 DevSecOps Events for Government in 2025

In the modern digital age, security practices must keep pace with the rapid speed of software development. DevSecOps revolutionizes this by embedding security into every phase of the development lifecycle, ensuring that security is a shared responsibility from the very start. This approach is particularly crucial for the Public Sector, where agencies build and deploy software that must meet continuously evolving security standards.  

探花视频., The Trusted Government IT Solutions Provider®, features numerous solutions for Government IT decision-makers, industry and vendor partners and technology thought leaders, including those in DevOps and DevSecOps Solutions and Services. At several key events 探花视频 is participating at this year, attendees will learn about security best practices, discuss emerging trends, take part in hands-on workshops and much more, ensuring agencies stay up to date with the latest developments in DevSecOps and cybersecurity. Here are the top events to watch for in 2025.

April 28-May 1 | San Francisco, CA | In-Person Event  

Through technical sessions, hands-on labs and connecting with top professionals, attendees will discover unparalleled opportunities for networking, as well as insights into cutting-edge cybersecurity technologies, best practices and strategies to protect against evolving threats. Attendees should look for sessions that cover data protection, Zero Trust initiatives and AI applications in cybersecurity.  

As a proud key participant in the RSA Conference, 探花视频 partners with leading cybersecurity vendors to offer tailored solutions that address the unique needs of Federal, State and Local agencies. 探花视频 is also excited to host the at RSA Conference on Monday, April 28. This year’s program will examine key areas such as developing a strong cybersecurity workforce, understanding the impact of AI on both offensive and defensive cyber operations and improving the exchange of information among government entities. Following RSA Conference on Tuesday, April 29 探花视频 is hosting our from 6:00 pm – 9:00 pm at The Conservatory at One Sansome.

May 15 | Washington, D.C. | In-Person Event  

This symposium features cutting-edge solutions in areas such as AI, cybersecurity and advanced software systems, giving Government, defense and industry leaders the opportunity to explore the latest innovations in national security and defense technology. Attendees will gain insights from thought leaders, participate in hands-on demonstrations and engage in high-level discussions aimed at driving defense capabilities forward.  

Sessions to look out for: 

  • The Future of Strategic Offsets – Bridging Technology and Defense
  • AI-Powered Defense Solutions 
  • Cyber Resiliency in Modern Warfare 
  • The Role of Open Source in Defense Innovation 

As a Platinum Sponsor, 探花视频 will showcase its expertise in defense solutions through an interactive booth, speaking engagements and a VIP networking session. Be sure to stop by our booth and speak with one of our team members! 

AWS Public Sector Summit 

June 10-11 | Washington, D.C. | In-Person Event  


To meet the unique challenges of the Public Sector, this summit brings together Government, education and nonprofit leaders to explore the latest cloud innovations and solutions. Attendees will gain insights from industry experts, participate in hands-on workshops and learn how AWS enables organizations to accelerate their digital transformation, enhance security, integrate cloud security solutions into DevSecOps and improve mission outcomes.  

Join 探花视频, a leading distributor of cloud solutions to the Public Sector and a trusted AWS partner, in DC and stop by our 探花视频 Pavilion, featuring our vendors Anchore, Hashicorp, Hyland, Rackspace, Second Front and more. Join us after the first day of the summit on June 10 for a networking event just a short walk away at Planet Word Museum!   

探花视频’s DevSecOps Conference 

July 29 | Reston, VA | In-Person Event  

Our premier event will explore the integration of security into the development lifecycle, leveraging automation, compliance frameworks and modern tools to enhance operational efficiency. Attendees gain actionable insights into trends, challenges and best practices for secure application delivery, legacy system modernization and meeting compliance mandates, fostering collaboration and innovation across the Government technology landscape. 

This 探花视频-hosted conference features fireside chats, presentations and technology demonstrations from Government leaders and industry experts. For an idea of what to expect at our 2025 event, check out last year’s videos and resources at our resource hub. If you are a vendor interested in sponsorship opportunities, please reach out to us at DevSecOpsMarketing@探花视频.com.

 

October | Washington, D.C. | In-Person Event  

Through expert-led sessions, hands-on workshops and real-world case studies, attendees will explore the latest trends, tools and best practices in DevSecOps and gain valuable insights into security, enhancing collaboration and the best practices of integrating security seamlessly into the DevOps lifecycle. Attendees should look for sessions about global software development trends and success stories from Public Sector clients.  

探花视频 enables attendees to explore tailored solutions that streamline workflows, ensure compliance and accelerate the adoption of secure software development practices. Check out the events tab on our website for more information closer to the date of the event. 

DevSecCon by Snyk 

October | Virtual Event 

With a focus on bridging the gap between security and development, offering insights into the latest trends and providing tools and practices in DevSecOps, this event will explore best practices for integrating security into the software development lifecycle. Through a combination of keynote speeches, hands-on workshops and interactive sessions, attendees will gain valuable knowledge on securing cloud-native applications, mitigating risks and enhancing collaboration between security and development teams.  

Tracks at this event include AI Security, Open Source Security and Security Culture & Education.

At DevSecCon, 探花视频 showcases its partnerships with top-tier vendors, offering attendees the opportunity to learn about cutting-edge technologies and solutions tailored to enable the Public Sector to become DevSecOps compliant while meeting their unique needs. To learn more about 探花视频 and Snyk’s DevSecOps capabilities and how we will be involved in this event soon, visit our website.

 

November 10-13 | Atlanta, GA | In-Person Event  

By uniting developers, operators and technology leaders to explore the latest innovations in containerization, microservices and cloud-native architectures, this event provides attendees with hands-on workshops and technical sessions to learn from industry experts on topics ranging from Kubernetes and container orchestration to DevOps, security and cloud infrastructure. Attendees should look for sessions about Kubernetes security, cloud-native security tools and DevSecOps automation. 

探花视频’s booth and vendor demo kiosks will present solutions for secure Kubernetes deployments in Federal agencies. Check back soon to our events website for more information on this year’s event.

Splunk GovSummit  

December | Washington, D.C. | In-Person Event  

By providing a firsthand look at how Splunk’s data analytics, security and operational intelligence solutions can enhance mission-critical operations across Federal, State and Local agencies, this event enables attendees to gain insights from real-world case studies. Learn about emerging trends in data and network with industry leaders shaping the future of Government technology, as well as how to utilize Splunk for continuous monitoring in a DevSecOps pipeline.

As a key partner of Splunk GovSummit and distributor of Splunk’s powerful analytics platform, 探花视频 will provide a team of experts to share valuable knowledge, offer tailored solutions and facilitate connections between Government professionals and Splunk’s cutting-edge products, enabling attendees to transform data into actionable intelligence. To stay informed on our presence at Splunk GovSummit, visit our website and explore Splunk solutions.

Public Sector Network’s DevSecOps Virtual Event 

TBA | Virtual Event 

To provide a comprehensive look into the integration of security within the DevOps lifecycle, this event looks at incorporating security from planning through deployment. Topics covered include enhancing security measures, improving DevOps processes and ensuring compliance with Federal standards, all while addressing real-world examples and the unique needs of Government agencies. Attendees should look for sessions about security challenges, automation strategies and real-world use cases for DevSecOps in the Public Sector. 

探花视频 will showcase innovative solutions that enhance security, streamline workflows and ensure compliance, empowering Public Sector agencies to meet the demands of modern software development in a secure and efficient manner. Check out the events tab on our website for more information closer to the date of the event.   

 

Multiple Dates | Multiple Locations | In-Person and Virtual Events 

With both in-person and online options, this dynamic series of events brings together IT professionals, developers and business leaders to explore the latest innovations in Open Source technology, cloud-native solutions and automation. Featuring keynote sessions, expert-led workshops and hands-on labs, this conference empowers attendees to drive transformation within their organizations, improve efficiencies and accelerate their digital transformation journey. Attendees should look for sessions about security automation, containerization best practices and DevSecOps with OpenShift. 

探花视频 provides comprehensive support and expertise to help Government agencies, educational institutions and other Public Sector agencies leverage Red Hat’s innovative Open Source solutions. 探花视频 is a gold sponsor at this year’s event, and we will continue to update the details of our presence here.

Previous Event Highlights

Atlassian Team on Tour Government 

Public Sector professionals joined to explore the latest tools and strategies for driving collaboration, efficiency and innovation across Government teams. This dynamic event showcased Atlassian’s solutions for managing complex projects, improving cross-functional workflows and fostering a culture of transparency and accountability. Attendees gained valuable insights from industry leaders, learned how to optimize team performance with Atlassian products and discovered best practices tailored to the unique challenges in Government.

As a proud key partner, 探花视频 brings its expertise in providing innovative IT solutions by offering attendees personalized insights on how Atlassian’s software can address their unique challenges and improve mission-critical operations.

By gaining new insights and perspectives on the right tools to continually integrate DevSecOps into every stage of the software development process, Public Sector agencies can ensure their systems remain secure. With DevSecOps, agencies can increase the delivery speed of their software, monitor systems in real time and collaborate with other agencies. 

To learn more or get involved in any of the above events please contact us at DevSecOpsMarketing@探花视频.com. For more information on 探花视频 and our industry leading DevSecOps technology partners’ events, visit our DevSecOps solutions portfolio.

Join Fellow Change Agents and Innovators at Prodacity 2025

With change on the horizon, Federal organizations are re-evaluating legacy processes for software development in order to deliver new and better software to Americans. They’re taking bold action and transforming organizations into continuous software delivery innovators.

In honor of these government IT change agents, Rise8 is hosting Prodacity 2025 in Nashville, TN on February 4-6. Over three days, Prodacity will bring together technology leaders at every level to learn, discuss, experiment, problem-solve and build transformative solutions that change constituents’ lives.

The agenda for Prodacity 2025 is packed with expert-led sessions and practical insights tailored to give attendees a complete perspective on effectively implementing continuous delivery. Software development requires more than development expertise; it calls for strategic thinking, an understanding of culture, sound governance and product management skills. Prodacity 2025 attendees will learn about and experience all this and more.  

Each day will focus on different phases of continuous delivery. On day one, attendees will learn about setting a strategic direction for continuous innovation. Day two will be all about mastering tactics for continuous improvement. On day three, attendees will identify where to start with practical steps to drive transformation. 

Speaking of Transformation 

Prodacity 2025 will feature an impressive lineup of speakers from both the private and public sectors. Notable speakers include: 

  • KEYNOTE: Barry is an expert on model innovation, product development, cultural transformation and organization design. At Prodacity 2025, he will speak on why we need a system for unlearning. He co-founded Nobody Studios, a venture studio to create 100 compelling companies over the next five years. His bestselling book, Lean Enterprise: How High-Performance Organizations Innovate at Scale, is the subject of a pre-conference
  • Mr. Justin Fanelli is the Acting CTO for the Department of Navy and Technical Director of PEO Digital, driving mission-critical IT transformations and cost-efficient innovations. He has held key roles including Chief Data Architect for Defense Health and Technical Director for Navy MPTE, earning accolades like the Etter Award for impactful service delivery and multi-billion-dollar cost savings. A DARPA Service Chiefs Fellow, he has led groundbreaking advancements in healthcare data systems and Navy enterprise solutions. Outside work, Mr. Fanelli teaches at Georgetown, advises startups and contributes to nonprofits like TechImpact.
  • Mr. Paul Contoveros is the Chief of the Combat Force Enhancement Division at Space Operations Command in the for the U.S. Space Force where he leads all support to Deltas’ Combat Development Teams and Supra Coders. He also leads a team of professional software developers charged with delivering digital tools to the force. Upon retiring from the USAF with 26 years of military service, Mr. Contoveros worked as a contractor supporting the HQ AFSPC S5/9 Advanced Capabilities Team, which morphed into the Directorate of Innovation upon the standup of HQ SpOC. In this role he created the monthly Delta Innovation Collaboration Exchange (DICE), authored the Accelerated Delta Innovation Process (ADIP) and co-authored the command’s first ever, nearly completed, Innovation Operations Instruction. Mr. Contoveros joined the government team in July of 2023 as Director of Innovation, re-branded as the Combat Enhancement Division as part of the SpOC re-organization in 2024.
  • Alistair is the author of Lean Analytics, widely considered required reading for startups and Just Evil Enough. He is also the chair of FWD50, a growing community of policymakers, technologists and civic innovators. Drawing on his experience as the builder of web performance pioneer Coradiant and Year One Labs incubator, Alistair will educate Prodacity attendees on MVPs for enterprises.
  • Edward serves as Chief Customer Officer, helping enterprises overcome legacy modernization challenges. As a seasoned software engineer, Edward previously worked at Pivotal Labs and played a significant role in its growth, leading the rapid expansion of the technical field organization. His Prodacity talk will provide attendees with a perspective on real continuous delivery.

Join us at Prodacity 

探花视频 is thrilled to sponsor Prodacity 2025. We look forward to working alongside the speakers, representatives, attendees and all change agents seeking to disrupt government technology’s status quo. 

Please join us February 4-6, 2025, in Nashville, TN. Prodacity will be unlike any other government event you’ve attended: it is the GovTech symposium of the year.

How to Accelerate the Journey to Government Compliance with CCM

Government agencies are inundated with a vast amount of daily Governance, Risk, and Compliance (GRC) tasks and processes. Achieving regulatory compliance, an arduous process, can take up precious time that could be reallocated to other business-critical missions.

Continuous controls monitoring (CCM) is one solution. CCM leverages AI and extreme automation to help cut down on manual processes, allowing agencies to overcome regulatory hurdles, supercharge their staff, and make better risk-based decisions with fast, cost-effective automations.

Improving the Compliance Process

Creating a quality compliance report comes with heavy, manual processing time. CCM can help significantly by taking away some of the cumbersome brunt work, cutting 60-80% of the manual tasks required by GRC programs.


It can also help overcome hurdles to reaching valuable security authorizations. Completing an Authorization to Operate (ATO) package can take roughly six months to finish, but that process can be reduced to two weeks with the right CCM platform. CCM also gives agencies a leg up with gaining Continuous Authorization to Operate (cATO) by leveraging OSCAL, a machine-readable format that standardizes security control documentation and enables automated validation.

The Time-Saving Capabilities of Machine Learning and AI

In the past year, advances in machine learning (including large language models and generative AI) have created exciting new possibilities for GRC teams. AI and machine learning (ML) can offer everything from better data analysis to proactive risk management to a major reduction in manual processes. Here are a few of the most compelling use cases for :

  • Help employees proactively monitor traffic
  • Review code for errors unlikely to be caught by the human eye
  • Explain complex controls and procedures in everyday language, bridging knowledge gaps
  • Generate accurate, up-to-date documentation in one click

Overall, AI allows agencies to move faster, with more accuracy, and with better visibility. To free up staff to complete mission-critical objectives, agencies should create their own AI/ML usage strategies and implement them within a Compliance as Code framework.

How RegScale’s CCM Leverages Compliance-Trained AI

RegScale’s AI-enabled platform, RegML, combines CCM and leading large language model (LLM) tools to streamline compliance management with intelligent automation and precision. This approach improves compliance by significantly reducing manual labor and costs. It also provides user-friendly summaries and guidance and improves accuracy and precision in documentation, freeing up staff to focus on core business objectives.

RegML has four main AI features:

  • AI Extractor, which automatically derives compliance documentation from existing policies and procedures.
  • AI Explainer, which is designed to demystify control statements by providing users with simple explanations of intricate controls.
  • AI Author, which helps draft control implementation statements in the context of relevant regulations and requirements. This process allows writers to focus on editing a draft, leading to fewer errors and better accuracy.
  • AI Auditor, which identifies gaps in controls and provides suggestions for improvement. This frees up teams to work on more critical tasks like fixing gaps and implementing controls.

CCM and the Future

Today, more and more work is being done in the cloud. As data becomes ephemeral and serverless, cybersecurity has become more important than ever, as have the mandatory frameworks governing it. Meanwhile, regulations such as NIST’s Secure Software Development Framework (SSDF), the Digital Operational Resilience Act (DORA), the Securities and Exchange Commission (SEC) rules, Cybersecurity and Infrastructure Security Agency (CISA) mandates, and the European Union’s AI Act have undergone or are predicted to undergo changes.

These shifting frameworks only make CCM more integral, as its AI features allow users to ensure that they are thoroughly compliant at every step of the process. By freeing time for additional tasks, and by maintaining adherence to changing regulations, CCM enables organizations to improve their GRC programs and streamline their operations.

To learn more about how RegScale’s CCM platform provides a layer of security around AI usage, watch its webinar.

探花视频. is The Trusted Government IT Solutions Provider, supporting Public Sector organizations across Federal, State and Local Government agencies and Education and Healthcare markets. As the Master Government Aggregator for our vendor partners, including RegScale, we deliver solutions for Geospatial, Cybersecurity, MultiCloud, DevSecOps, Artificial Intelligence, Customer Experience and Engagement, Open Source and more. Working with resellers, systems integrators and consultants, our sales and marketing teams provide industry leading IT products, services and training through hundreds of contract vehicles. Explore the 探花视频 Blog to learn more about the latest trends in Government technology markets and solutions, as well as 探花视频’s ecosystem of partner thought leaders.

Rethinking and Modernizing the ATO Approval Process

The path to securing Authorization to Operate (ATO) approval presents a myriad of challenges, such as complex regulations, the potential for human error and the constant threat of cyberattacks. The role of an Authorized Official (AO) necessitates both speed and thoroughness to ensure an organization’s risk is minimized while also safeguarding sensitive information. Traditional manual, point-in-time assessments are proving insufficient, resulting in significant security risks. As digital transformation accelerates in both the Government and Private Sector, regulatory compliance requirements have also increased, yet the tools and processes used to meet these standards fall behind. This disconnect poses a challenge for AOs, underscoring the urgent need for innovation in the ATO approval journey.

Preventing Compliance Drift


To stay ahead of the threats against the nation while simultaneously reducing the friction and corrosion in the compliance process, a proactive approach of implementing necessary measures and safeguards before they are mandated by regulatory requirements is essential. As Brandt Keller, Software Engineer at Defense Unicorns, stated during a recent webinar discussing the ATO approval process, “New technologies are coming, and we need to implement them and understand what they do, how they do it and what controls they do or do not satisfy.” The role of compliance within the DevSecOps process is pivotal, especially when switching from one technology to another. This decision must consider how the change impacts compliance, as the environment shift can alter the ATO posture. Such changes may result in drift or even expose the system to malicious actors seeking to escalate privileges or perform unauthorized actions. While compliance and security are often viewed as separate processes, they can and should be integrated to provide an additional layer of defense.

Preventing drift in IT systems is a crucial aspect of maintaining continuous compliance. AOs must actively collect and report data to accurately reflect the current state of their systems. Leveraging open standards on a platform is essential for effectively utilizing data. To achieve this, AOs need reliable methods for producing and regularly assessing data. Building a system from the ground up with compliance in mind involves meticulously implementing and automating controls that can be rerun consistently. The process must be both repeatable (able to redo tasks) and reproducible (able to collect evidence and achieve the same results). Any deviation indicates a potential issue, a change or an environmental modification that has made it less compliant. This approach allows AOs to confidently attest that their ATO meets all required controls and prevents any drift.

Implementing Automation

Automating processes within DevSecOps pipelines has emerged as a pivotal strategy, particularly streamlining compliance checks before system deployment. This approach allows decision-makers to assess risk before a system is even deployed. Moreover, the ability to continuously evaluate and update data in real time enhances accuracy and ensures timely access to critical information. However, accessibility of data remains a challenge due to the number of disconnected environments in existence. Open standards such as OSCAL solve this problem by providing a unified framework for continuous data integration. By adopting platforms that adhere to open standards, organizations can foster innovation and empower AOs with data in a familiar and actionable format, thereby optimizing efficiency and bolstering security measures.

ATO Risk Management Framework (RMF) artifacts represented in OSCAL machine-readable formats break down information silos, achieving effective communication across teams and facilitating seamless data handoffs. Automation is pivotal in expediting the decision-making process, alleviating the burden on the human workforce, enabling AOs to access better-quality data and making risk-based decisions more efficiently. While the potential for error is still present, automation significantly mitigates human error in data handoffs across all controls and systems. It also helps security professionals focus on managing risk rather than completing rudimentary compliance tasks.

Automating technical and administrative controls is not the same. While traditional approaches rely on application programming interface (API) data, nontraditional methods such as infrastructure as code (IaC), which manages computing infrastructure through provisioning scripts, or compliance as code, which manages regulatory requirements by encoding them into automated scripts or code, offer alternative paths. These approaches allow organizations to establish rules and apply validations programmatically, mirroring the precision and speed of technical controls. However, not all controls are created equal; some function as checkboxes without mitigating risks. The critical controls that significantly impact an environment’s security posture should be the priority for automation. As emphasized by Travis Howerton, Co-founder and CEO at RegScale, “it is less important what percent of total controls are covered than what percentage of your total risk you are mitigating with automation.”
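The rerunnable control checks, drift detection and risk-weighted view of automation discussed above can be sketched as compliance as code. This is an added example, not code from RegScale or the webinar speakers; the control IDs, settings and risk weights are constructed, and the evidence record is a simplified stand-in rather than OSCAL.

```python
import hashlib
import json

# Hypothetical control catalogue: IDs, settings and weights are constructed.
# "risk_weight" is an assumed share of total risk; check=None marks a
# control that is still assessed manually.
CONTROLS = [
    {"id": "EX-TLS", "risk_weight": 35, "key": "tls_min_version",
     "check": lambda v: tuple(map(int, v.split("."))) >= (1, 2)},
    {"id": "EX-MFA", "risk_weight": 30, "key": "admin_mfa",
     "check": lambda v: v is True},
    {"id": "EX-ROOT", "risk_weight": 20, "key": "container_run_as_root",
     "check": lambda v: v is False},
    {"id": "EX-BANNER", "risk_weight": 5, "key": "login_banner", "check": None},
    {"id": "EX-TRAINING", "risk_weight": 10, "key": "annual_training",
     "check": None},
]

# Constructed snapshots: the state approved at authorization and a later one.
APPROVED_STATE = {"tls_min_version": "1.2", "admin_mfa": True,
                  "container_run_as_root": False}
CURRENT_STATE = {"tls_min_version": "1.3", "admin_mfa": True,
                 "container_run_as_root": True}


def collect_evidence(state):
    """Run every automated control against a state snapshot (repeatable)."""
    evidence = {}
    for control in CONTROLS:
        if control["check"] is None:
            continue
        observed = state.get(control["key"])
        try:
            passed = observed is not None and bool(control["check"](observed))
        except (ValueError, AttributeError, TypeError):
            passed = False  # a malformed setting counts as a failed control
        evidence[control["id"]] = {"observed": observed, "passed": passed}
    return evidence


def evidence_digest(evidence):
    """Hash a canonical form so the same state always gives the same digest."""
    canonical = json.dumps(evidence, sort_keys=True, separators=(",", ":"))
    return hashlib.sha256(canonical.encode("utf-8")).hexdigest()


def detect_drift(baseline, current):
    """List every control whose evidence differs from the approved baseline."""
    findings = []
    for control_id in sorted(set(baseline) | set(current)):
        before, after = baseline.get(control_id), current.get(control_id)
        if before == after:
            continue
        if after is None:
            kind = "evidence-missing"
        elif not after["passed"]:
            kind = "non-compliant"
        else:
            kind = "changed-still-compliant"
        findings.append({"control": control_id, "kind": kind,
                         "before": before, "after": after})
    return findings


def automation_coverage():
    """Compare the share of controls automated with the share of risk covered."""
    automated = [c for c in CONTROLS if c["check"] is not None]
    total_risk = sum(c["risk_weight"] for c in CONTROLS)
    covered_risk = sum(c["risk_weight"] for c in automated)
    return {"controls_pct": round(100 * len(automated) / len(CONTROLS)),
            "risk_pct": round(100 * covered_risk / total_risk)}


if __name__ == "__main__":
    baseline = collect_evidence(APPROVED_STATE)
    current = collect_evidence(CURRENT_STATE)
    print("baseline digest:", evidence_digest(baseline))
    print("current digest: ", evidence_digest(current))
    for finding in detect_drift(baseline, current):
        print(finding["control"], finding["kind"],
              finding["before"]["observed"], "->", finding["after"]["observed"])
    print(automation_coverage())
```

A digest mismatch is the cheap signal that something changed; the per-control findings then separate a benign change (a stricter TLS floor) from one that breaks a control.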

The cadence mismatch between cyber threats that move at lightspeed and heavily manual compliance processes must be fixed. “The big part of what has to modernize,” according to Howerton, “is taking more automated approaches, leveraging advances in technology and thought leaders in this space to figure out how we can do things in a more automated manner to bring the principles of DevSecOps to compliance.” This strategic focus will ensure thorough and repeatable processes and prepare AOs for a future where compliance and security are dynamically intertwined, ultimately supporting better risk-based decisions and unlocking the full potential of digital transformation. By accepting early that ATOs should be more real-time and continuous, AOs can better position themselves for the future.

Watch RegScale and 探花视频’s webinar to learn more about modernizing the ATO approval process.

DevSecOps: Achieving Efficiency and Scale with Automation and Software Factories

In today’s rapidly evolving digital landscape, Government agencies face many challenges in delivering modern, secure software applications to the end-user. DevSecOps is a methodology that combines development, security and operations to create a more streamlined and secure software development process. This concept has emerged as a transformative approach that integrates security practices, automation and software factories into the software development lifecycles from its inception. At the industry experts and innovators shared their knowledge of emerging tools, effective strategies and methodologies in software engineering through several educational sessions.

Unlocking Efficiency: The Power of Automation and AI/ML

Automation helps developers improve the efficiency and quality of code, reduce risk and combat security vulnerabilities. As a key component of DevSecOps, automation allows developers to simplify many of the tasks involved in software development, such as testing, deployment and monitoring. Once automated, developers can focus on writing high-quality code and addressing security vulnerabilities, rather than spending time on redundant manual tasks.

The use of AI has transformed the way developers work, compared to 20 years ago when code was primarily written from scratch. Today, external libraries (software code written by a third-party source) are used frequently, which introduces a new set of risks and benefits. The benefits include making software development faster and more efficient as developers use pre-existing code to build their applications. However, if a third-party library has a security vulnerability, it can be exploited by malicious actors to gain access to sensitive data. If not maintained properly, the third-party library can become outdated and incompatible with other software components.

Software Factories

Software development has become an essential part of today’s business operations, and Government agencies are constantly seeking ways to improve their processes. Recently, the concept of the software factory, a structured approach to software development that emphasizes standardization, automation and collaboration, has gained popularity. It establishes a set of tools, processes and best practices that enable teams to develop software more efficiently and effectively. The goal of a software factory is to create a repeatable and scalable process for software development that can be applied across different projects and teams. By implementing this strategy, agencies can improve the quality, speed and consistency of their software development efforts.

One of those best practices combines Continuous Integration and Continuous Deployment in a single process known as CI/CD. CI is the practice of frequently merging code changes from multiple developers into a shared repository, where automated tests are run to address integration issues early in the development cycle. This ensures the code is always in a releasable state and reduces the risk of conflicts and errors when changes are merged. CD, on the other hand, is the practice of automatically deploying code changes to production as soon as they pass the necessary tests and checks, enabling teams to release software changes quickly and frequently. By utilizing CI/CD, teams can achieve a continuous flow of code changes from development to production, which is imperative for modern software development.

Elevating DevSecOps: A Blueprint for Integrating Early Software Security Measures

Securing software in a containerized environment presents unique challenges due to the dynamic nature of containers and the distributed nature of container orchestration platforms like Kubernetes. Government agencies must ensure that containers are properly configured and secured, as misconfigurations can lead to vulnerabilities that can be exploited by attackers. Another difficulty is detecting and responding to security incidents in a timely manner, as containers can be spun up and down quickly and may be spread across multiple nodes in a cluster. Securing software early can help agencies reduce risk, lower costs, deliver software faster and improve collaboration between development and security teams.

Another crucial component of DevSecOps, continuous delivery, enables teams to deliver software changes quickly, safely and sustainably. This means that teams can release software changes frequently and with confidence, knowing that the changes have been thoroughly tested and are ready for production. Through a combination of automation, collaboration and feedback loops, continuous delivery helps reduce the time and effort required to release software changes.

Agencies can adopt a DevSecOps approach that integrates security into the software development lifecycle from the beginning. This involves using tools and processes to automate security testing and validation, as well as incorporating security requirements into the development process. For instance, agencies can use tools like vulnerability scanners and security-focused container images to detect and remediate vulnerabilities in containers. They can also use automation to validate security requirements and ensure that containers are properly configured and secured.

Securing software early in the development process can lead to several benefits including:

  • Reduced risk of security incidents: By identifying and addressing security vulnerabilities early in the development process, agencies can minimize the risk of security incidents and data breaches.
  • Lower costs: Fixing security issues later in the development process is much more expensive than addressing them early on. By integrating security into the development process from the beginning, agencies can reduce the cost of fixing security issues and avoid costly rework.
  • Faster time to market: Adopting a DevSecOps approach can help agencies deliver software faster by automating security testing and validation. This decreases the time for manual testing and enables faster release cycles.
  • Improved collaboration: Agencies can strengthen collaboration between development and security teams to ensure requirements are properly understood and incorporated into the development process. This proactive initiative can help foster a culture of security throughout the agency.

The adoption of DevSecOps, along with its fundamental principles, empowers Government agencies to establish a more efficient and secure software development process. This is achieved through the implementation of automation, the adoption of a software factory approach and the early integration of security measures.

 

To learn more about DevSecOps best practices and trending innovations, visit 探花视频’s DevSecOps vertical solutions portfolio.

*The information contained in this blog has been written based off the thought-leadership discussions presented by speakers at 探花视频’s annual DevSecOps Conference.*

Generative AI, DevSecOps and Cybersecurity Highlighted for the Air Force and Space Force at DAFITC 2023

Thousands of Space Force and Air Force personnel and industry experts convened to discuss the most current and significant threats confronting global networks and national defense at the 2023 Department of the Air Force Information Technology and Cyberpower Education & Training (DAFITC) Event. Throughout the many educational sessions, thought leaders presented a myriad of topics such as artificial intelligence (AI), DevSecOps solutions and cybersecurity strategies to collaborate on the advancement of public safety.

Leveraging Generative AI in the DoD

At the event, experts outlined three distinct use cases for simplified generative artificial intelligence in military training.

  • Text to Text: This type of generative AI takes inputted text and outputs written content in a different format. Text to Text is associated with tasks such as content creation, summarization, evaluation, prediction and coding.
  • Text to Audio: Text to Audio AI can enhance accessibility and inclusion by creating audio content from written materials to support elearning and education and facilitate language translation.
  • Text to Video: Text to Video AI is primarily geared towards generating video content from a script to aid the military with language learning and training initiatives.

Dr. Lynne Graves, representative of the Department of the Air Force Chief Data and Artificial Intelligence Office (CDAO), provided attendees with a brief timeline of how the USAF will fully adopt artificial intelligence. The overarching aim for AI integration is to make it an integral part of everyday training, exercises and operations within the Department of Defense (DoD).

  • In FY23, the DoD is focusing on pipeline assessment. Using red teaming where ethical hackers run simulations to identify weaknesses in the system, internal military personnel target improvement of their infrastructure and mitigation of the vulnerabilities in the different stages of the pipeline.
  • In FY24, the emphasis will be on the Red Force Migration policy, which involves developing, funding and scaling the necessary strategies.
  • In FY25, the goal is for the department to become AI-ready. This entails preparing for AI adoption at all agency levels, establishing a standard model card that explains context for the model’s intended use and other important information, creating a comprehensive repository of data and implementing tools for extensive testing, evaluation and verification.

USSF Supra Coders Utilize DevSecOps for Innovation

The current operations of United States Space Force (USSF) Supra Coders involve a range of activities that combine modeling, simulation and expertise in replicating threats. These operations are conducted globally, and currently include orbit-related activities, replication of DA ASAT (Direct Ascent Anti-Satellite) capabilities and the reproduction of adversarial Space Domain Awareness (SDA).

The USSF Supra Coders have encountered limitations with software solutions, including restrictions tied to standalone systems, licensing structures with associated costs and limited adaptability to meet the specific needs of aggressors and USSF requirements. DevSecOps presents a multifaceted strategy for mitigating the identified capability gaps noted by the USSF Supra Coders. It can help create more effective and efficient software solutions through seamless integration of security protocols, streamlining system integration processes, optimizing costs and enhancing customizability.

Cybersecurity Within the Space Force

Cybersecurity is a shared responsibility across the DoD but is especially relevant for the U.S. Space Force. As a relatively newly emerging branch of the military, the Space Force is still developing its cyber strategies. Due to its completely virtual link to its capabilities, the USSF must prioritize secure practices from the outset and make informed decisions to protect its networks and data.

Currently, the Space Force is engaged in the initial phases of pre-mission analysis for its cyber component which serves as a critical element for establishing and maintaining infrastructure through the integration of command and control (C2). These cyber capabilities encounter a series of complex challenges, which necessitate a multifaceted approach including the following solutions:

  • Enforcing Consistent Cybersecurity Compliance
  • Developing Secure Methods to Safely Retire Old Technology
  • Enhancing Cryptography Visibility
  • Understanding Security Certificate Complexity
  • Identifying Vulnerabilities and Mitigating Unknown Cyber Risks

While the Space Force faces a uniquely heightened imperative to bolster its cybersecurity capabilities with its inherent reliance on information technology and networks in the space domain, the entire community must collaborate effectively to achieve military leaders’ targeted cybersecurity capabilities by the goal in 2027.

The integration of generative AI in military training, innovations through DevSecOps by the USSF Supra Coders and cybersecurity initiatives of the Space Force collectively highlight the evolving landscape of advanced technologies within the Department of Defense. Technology providers can come alongside the military to support these efforts with new solutions that enhance the DoD’s capabilities and security.

 

Visit 探花视频’s Department of Defense market and DevSecOps vertical solutions portfolios to learn more about DAFITC 2023 and how 探花视频 can support your organization in these critical areas.

*The information contained in this blog has been written based off the thought-leadership discussions presented by speakers at DAFITC 2023.*

Building a DevSecOps Culture

As software becomes more sophisticated, it plays an increasingly important role in all aspects of government operations. However, given the complexity and intertwined nature of modern software, any vulnerability could have wide-ranging consequences, which makes security of vital importance. The federal government has taken notice. A number of recent policy directives address issues related to the software supply chain, and key agencies are leading a governmentwide effort to promote secure software development, including the Executive Order on Transforming Federal Customer Experience and Service Delivery to Rebuild Trust and the Executive Order on Improving the Nation’s Cybersecurity. Learn how you can implement DevSecOps to support your journey to secure, innovative software in 探花视频’s Innovation in Government® report.

 

The Mindset Shift that Enables DevSecOps

“In an ideal world, technology and processes support team members’ ability to deliver on their particular talents. Before agencies implement DevSecOps methodologies, they should identify where their processes are getting bottlenecked and forcing people to either work around them or fundamentally change their behavior. Instead, we want to make it easy for employees to do the right thing. The goal is to enable people to focus on what they do best – regardless of where they operate in the stack or the tools they are using – so that agencies can build and deploy secure, modern apps.”

Read more insights from Alex Barbato, Public Sector Solutions Engineer at VMware.

 

How Generative AI Improves Software Security

“Generative AI tools are becoming increasingly prevalent, providing interactive experiences that captivate the public’s imagination. These tools are accessible to anyone, offering a unique opportunity to engage and explore the creative possibilities enabled by AI technology. The technology doesn’t just train a model to recognize patterns. It can create things that are easy to understand: images, text, even videos. Sometimes the results are hilariously wrong, but other times the results are quite impressive, such as clear, concise answers to complex questions. Generative pre-trained transformer (GPT) technology, such as ChatGPT, has opened the doors for everyone to be an evaluator because the output is accessible and easy to critique.”

Read more insights from Robert Larkin, Senior Solutions Architect at Veracode.

Open Source is at the Heart of Software Innovation

“Embedding security into applications from the start is essential for streamlining and strengthening the entire development life cycle. Securing the software supply chain is a related effort that is of vast importance to government operations. Beyond securing individual applications, the ultimate goal is to build security into the pipeline itself. At each step and every handoff, we must be able to verify who has touched the software and who did what to ensure that the end result is what we intended to build and that nothing malicious has been injected along the way.”

Read more insights from Chris Mays, Staff Specialist Solutions Architect at Red Hat.

 

DevSecOps Needs Tool Diversity and Collaboration

“As DevSecOps methodologies and software factories grow in prevalence, agencies are recognizing that software development is a team sport – inside the agency, across departments and with external stakeholders. It touches many different teams, but getting everyone on the same page with tooling can be difficult. Different teams prefer different tools, and that makes collaboration hard. Modern software development brings security practices forward in the timeline while reducing duplication of efforts and improving real-time accountability. Success hinges on removing blockers, creating visibility and making sure collaboration is happening at every stage. In addition, encouraging input from different areas of the organization from the beginning and throughout development is vital for innovation.”

Read more insights from Ben Straub, Head of Public Sector at Atlassian.

 

Observability Speeds Zero Trust and Application Security

“In response to increasing cyberthreats, the government is speeding up the move to zero trust. This security model assumes that every user, request, application and non-human entity is not to be trusted until its identity can be verified. Zero trust principles require a layered defense that is more effective when rooted in observability. To develop an architecture that validates and revalidates every entity on the network, it is necessary to know what those entities are, how they’re communicating and how they typically behave so we can recognize deviations. Zero trust and observability technologies work together to create a more secure and resilient network environment by assuming that all requests for access are untrusted and continuously monitoring the network to detect and respond to potential threats.”

Read more insights from Willie Hicks, Public Sector Chief Technologist at Dynatrace.

 

The Role of a Service Mesh in Zero Trust Success

“For large companies and government agencies, it’s safe to assume that a committed attacker is already inside their networks. Executive Order 14028 mandates that every federal agency develop a Zero Trust architecture because it is the most effective approach to mitigating what attackers can do once they’ve made their way inside. What does Zero Trust look like at runtime? One of the key considerations is identity-based segmentation, which involves conducting five policy checks for every request in the system: encrypted connection between service endpoints, service authentication, service-to-service authorization, end user authentication, and end user-to-resource authorization.”

Read more insights from Zack Butcher, Founding Engineer at Tetrate and co-author of the NIST SP 800-200 series and SP 800-207A.

 

AI and the Journey to Secure Software Development

“By automating and optimizing DevSecOps workflows, we can still shift security left while relieving developers from the burden of some complex remediation. It begins with a workflow that leverages fully automated security scanning to rapidly identify vulnerabilities as well as providing suggested remediation for vulnerabilities and on-demand remediation training to educate developers on what they are getting into. The rapid evolution of artificial intelligence is making new advances possible. The opportunities go well beyond AI-assisted code creation. AI features are being expanded across the entire software development life cycle. When it comes to security, having AI assist by making code functionality clear or explaining a vulnerability in detail reduces the time required to remediate risk.”

Read more insights from Joel Krooswyk, Federal CTO at GitLab.

 

Scaling App Development While Meeting Security Standards

“The dream for any software development team is constant, stable releases. The faster teams get the work they’ve created into production, the faster the agency can derive value from that work. When app development is stymied by cumbersome security reviews and stability testing and by the need to wait for a deployment window, innovation is stifled and the return on investment is delayed. If agencies want to have efficient, value-driving software development teams, those teams must be able to move with agility. A trustworthy, scalable DevOps pipeline that brings together testing and security in a seamless way allows teams to push out new apps and improvements quickly so government employees and citizens can have a seamless digital experience and the most up-to-date tools and information.”

Read more insights from Kyle Tobener, Head of Security and IT at Copado.

 

—an exciting day of exhibits, speaking sessions, and networking events. We look forward to showcasing new DevSecOps updates from our supporting panels featuring government, systems integrators, and industry thought leaders.

Download the full Innovation in Government® report for more insights from DevSecOps thought leaders and additional industry research from FCW.

Speed Your Agency’s Software Deployments in 6 Easy Steps

Slow, bottlenecked, and often archaic release methods challenge most government agency software delivery teams. But  can help your agency achieve faster releases with less risk.

Enterprise feature management provides teams with total control over application features, fine-grain release targeting, and detailed audit logs. It starts with feature flags, a powerful tool that allows your development teams to turn features on or off without requiring a code change or deployment. They are a modern solution to traditional hard-coded boolean flags custom-built for each app. With an enterprise feature management platform, you can use a pre-set feature flag enterprise framework to define and operate a simple and seamless experience. This delivers a  that, among others, dramatically streamlines and accelerates software delivery. It also empowers teams to roll out new functionality gradually and selectively rather than all at once. And, your agency can “dark launch” a feature in production, reducing dependencies on expensive and custom staging environments.

Here are six steps that government agencies can take to get started with LaunchDarkly Federal, the only FedRAMP-authorized feature management platform. These steps will help you understand how to use feature management for high-speed, low-risk software releases of legacy and new applications:

1. Put in place the LaunchDarkly SDK to enable feature flagging

LaunchDarkly’s SDKs allow your developers to implement and share feature flags quickly and easily across software applications. They provide an easy way to connect new and existing applications to the LaunchDarkly SaaS platform. Simply include your programming language-specific LaunchDarkly SDK into your application to get started. The SDK initializes to a specific environment, manages default values and targeting contexts, handles any connectivity issues, and listens for feature status and rule changes. SDKs provide the support for real-time application updates without the need to deploy new code.

2. Identify your environment(s)

In traditional release motions, government agencies identify and set up numerous development, testing, and production environments. Not only is each environment often expensive, but running a release through so many gates can be a significant challenge for resource-strapped teams. It is almost impossible to simulate a production level environment in staging and so when you release to production, you are testing in production anyways. Why not do it safely with granular targeting to reduce risk? With an enterprise feature management solution, you can reduce the number of environments and focus more on safely and securely testing in production.

3. Target, or even micro-target, your release

The next step is determining exactly where you will release individual features, and when. With feature flags, your development teams can release features in a highly customized way. By creating targeting rules, teams can easily target individual releases to a subset of users, resources, or even infrastructure, before making them widely available to all end-users. It’s possible to even micro-target a single user.

Targeting makes it simple to progressively release a new feature to a QA team or to project sponsors for feedback. The granular control over features and release targeting that LaunchDarkly Federal provides will enable more control than traditional blue/green deployments alone.

4. Flip a switch, and release whenever you want

With enterprise feature management, your development teams can separate deployment and release processes. Engineering teams can deploy code, and non-engineering teams can trigger the release with a simple flip of the switch. Decoupling these processes reduces the risk of failure and allows teams to release new features quickly and efficiently. Your development teams can keep progressing on their software development projects and release new features at the best time for their program or department. And, enterprise feature management also allows your project and program teams to develop, test, and deploy features using custom workflows with enterprise-level management capabilities.

By using low-risk continuous integration/continuous development (CI/CD) development processes with incident resolution times of less than 200ms, teams can improve developer productivity and reduce the time it takes to release new features to production.

5. Quickly disable features if issues or errors occur

In the event of an issue or error, teams need to be able to quickly disable features to avoid any issues affecting the application in production. Issues could range from something major such as security vulnerabilities to minor usability and cosmetic problems. With traditional processes, a team would have to roll back to a previous release losing everything they just deployed or take down an entire application to address issues or errors. However, with enterprise feature management solutions, teams can quickly disable the individual problematic feature leaving the rest of the application unchanged. Instead of the lengthy and cumbersome rollback and redeployment processes, this limits the impact to the application with zero downtime. DevSecOps teams would then typically perform a “patch forward” for the fix.

6. Track the release with detailed analytics

Using analytics, monitoring tools, and processes helps guarantee that your software meets government guidelines and agency policies. Using enterprise feature management, your agency can gather detailed audit logs and analytics to inform your decision-making and improve software delivery processes across your mission-critical programs.
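The mechanics behind steps 3 through 6, as an added example that is not LaunchDarkly's SDK or code from the original post: a hypothetical in-memory `FlagStore` (every name and the sample flag key are assumptions) showing micro-targeting, a stable percentage rollout, a kill switch that overrides targeting, and an audit trail of who changed what.

```python
import hashlib
import time


class FlagStore:
    """Hypothetical in-memory flag store for illustration; not a vendor SDK."""

    def __init__(self):
        self.flags = {}      # key -> {"on": bool, "users": set, "percent": int}
        self.audit_log = []  # append-only record of every change (step 6)

    def _audit(self, actor, action, key, detail):
        self.audit_log.append({"ts": time.time(), "actor": actor,
                               "action": action, "flag": key, "detail": detail})

    def set_flag(self, actor, key, on, users=(), percent=0):
        """Steps 3-4: define who gets the feature, separately from deploying it."""
        if not 0 <= percent <= 100:
            raise ValueError("percent must be between 0 and 100")
        self.flags[key] = {"on": on, "users": set(users), "percent": percent}
        self._audit(actor, "set", key,
                    {"on": on, "users": sorted(users), "percent": percent})

    def kill(self, actor, key):
        """Step 5: disable one feature without a rollback or redeploy."""
        flag = self.flags.setdefault(key, {"on": False, "users": set(), "percent": 0})
        flag["on"] = False
        self._audit(actor, "kill", key, {})

    @staticmethod
    def bucket(key, user_id):
        """Stable 0-99 bucket, so a user gets the same answer on every call."""
        digest = hashlib.sha256(f"{key}:{user_id}".encode()).digest()
        return int.from_bytes(digest[:4], "big") % 100

    def is_enabled(self, key, user_id, default=False):
        flag = self.flags.get(key)
        if flag is None:
            return default   # unknown flag: fall back to the caller's safe default
        if not flag["on"]:
            return False     # kill switch wins over every targeting rule
        if user_id in flag["users"]:
            return True      # micro-targeting of named users
        return self.bucket(key, user_id) < flag["percent"]
```

Evaluating the kill switch before any targeting rule is what lets a single problematic feature be turned off for everyone, including explicitly targeted users, while the rest of the application keeps running.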

Following these six simple steps can help you shrink your agency’s release time from years and months, to days and hours, just like it did for the  Using LaunchDarkly and the six steps above, CMS went from one launch once per quarter, to completing six launches within a single day to support a global rollout.

Feature management is a powerful DevSecOps tool that can truly accelerate the delivery of transformative software. With detailed control over features, release targeting, and detailed audit logs, your agency can reduce risk and deliver software at the speed of the commercial world.

 to learn more about LaunchDarkly, and view our public sector webinar to learn more about DevSecOps best practices.