The book includes insights from the following experts:
- Rohit Sethi, CEO, Security Compass
- Stephan Mitchev, Director/Acting CTO, USPTO
- Nicolas Chaillan, CTO, Prevent Breach
- Hannah Hunt, Chief Product and Innovation Officer, Army Software Factory
- Ian Anderson, Lead DevSecOps Engineer, Naval Surface Warfare Center, Dahlgren
- Tom Marlow, Managing Director, Dark Wolf Solutions
- Robin Basham, CEO, CISO, Founder, Enterprise GRC Solutions
7 Experts on Attaining ATO Faster in US Government Agencies was generously sponsored by Security Compass.
Throughout the private sector, and particularly in the financial services and banking sectors, DevSecOps and agile development continue to grow in importance among software development teams. Companies that have adopted an agile mindset and integrated best practices within their development teams have seen unprecedented growth, even during the COVID-19 pandemic. According to the 15th Annual State of Agile Report, 86 percent of organizations adopted agile methodologies for their development teams in 2020, up from 37 percent in 2019.
Despite these gains, the public sector has been slow to adopt agile and DevSecOps approaches to software development. Across state, local, and federal government, agencies and organizations have struggled to adopt these best practices and have yet to capitalize on the ability to address secure development earlier in the software development life cycle (SDLC). By identifying opportunities to adopt an agile mindset and embrace a DevSecOps approach, agencies at all levels of government can improve the speed at which they deliver software while achieving better security outcomes.
Professionals at all levels of government agencies and departments can ship secure code faster with the implementation of leading practices, such as “shifting left” by integrating security checks earlier in the SDLC, benchmarking and tracking improvements in delivery speed, streamlining software onboarding, and encouraging knowledge of regulatory requirements.
This guide explores how agencies can increase the speed and security of their software development efforts, the importance of shifting left and adopting agile and DevSecOps practices, the link between Authority to Operate (ATO) and DevSecOps, and best practices for establishing and evaluating a software development approach.