Every organization that wants to be competitive in the digital era is taking a hard look at its software practices to move faster with greater efficiency, scalability, reliability, and security.
For a Fortune 100 aerospace & defense contractor, that hard look was a first step toward developing a software factory for the entire organization. The factory uses DevSecOps to let its engineers leverage end-to-end automation that simplifies deployment of apps and infrastructure across all stages: to plan, build, test, release, operate and manage the software delivered to customers effectively, securely, and at scale.
Realizing they had a skills shortage around critical areas in AWS, Kubernetes, and DevSecOps, the client turned to MATRIX to begin this complex engagement, which also covers activities around Cloud and Cyber as well as DevSecOps.
What appealed to them was MATRIX’s ability to coach team members and bring them up to speed, as well as their ability to integrate with the team in their architecture and engineering efforts.
A MATRIX AWS DevSecOps team was assembled and immediately set to work. The sponsor team they are integrating into is the DevSecOps Platform Team, but they are working collaboratively with various Leadership, Cyber, Cloud, Infrastructure and Development stakeholders.
The goal is to finish a first-iteration software factory that is a minimum viable product.
Activities underway thus far include:
Established software factory flow from front end out to the environments
Laid the groundwork for a DevSecOps framework
Collaborated and built on the architectures already in place, bringing them to documented first draft completion
Coached team on Agile Threat Modeling and made it scalable for the whole org
Engineering and collaborating on Terraform modules, compliance as code, artifacts, vaults, container and orchestration security, workflow integration
Working with other teams on the required firewall and higher-level Cloud infrastructure
Building out GitLab pipelines and infrastructure with team
Engineering initial EKS stack with team
Building out a minimal Proof of Concept for unified observability
Working with Cyber and DevSecOps team to help with Prisma Cloud
Building out container and orchestration security practice with team
Documenting and testing tool selection and collaborating with team on choices for the whole chain
Building out the user guide with DevSecOps team
Working with team to break out architecture into epics and sprints to be able to quickly iterate and track progress
Collaborating with consumer development teams that will be using this software factory to test out the process and document any inefficiencies or issues to build a backlog
While results on this kind of engagement take time to bear fruit, early reports are promising.
We’ve completed AWS GovCloud engineering around serverless and Kubernetes to assist the DevSecOps platform team in building the foundation of their software factory.
We’ve started Agile Threat Modeling (focus on Risk).
We’ve completed some Kubernetes training around container and orchestrator security, networking, architecture, and so on.
We are building GitLab orchestration pipelines to provision environments through infrastructure as code (Terraform) using continuous delivery.
We are doing cyber engineering: all things cyber around Cloud and Kubernetes contexts with benchmarking, building out security tools and observability, network policies, controls, security best practices, and so on.
More to come from this comprehensive, long-term engagement.