Reviewing FBO.gov and the GSA Ebuy portal, there are currently close to 300 open opportunities across the Federal government for the implementation, development, or management of agile processes and procedures. Tools used to enable and reinforce these processes are also abundant on the marketplace, but how can you select them in order to correctly meet government security standards? The documentation requirements often found within these government needs, including FedRAMP compliance, can be prohibitive without context. This blog will discuss tools currently available on the marketplace that meet FedRAMP compliance, while enabling agile processes across your organization, and can be integrated simultaneously to create even more sustainable managerial solutions.
Enabling Agile with Multiple Tools
It’s no surprise there are a range of toolsets on the marketplace that enable agile processes. However, many of these exist in a non-compliant cloud state and are rendered inaccessible for government users. Problems arise either through authentication, authorization of use, permissions, or from a general security and vulnerability standard. Three tools we are going to discuss today which can be hosted in FedRAMP compliant environments include:
Atlassian Jira Software
All three have some overlap in surface capabilities, but when combined they provide a deep functionality for enabling agile processes.
Jira Software + Confluence
The Atlassian Tool Suite (Jira Software and Confluence) has been successfully used for over a decade across multiple Federal organizations. The products have been deployed across FedRAMP Low – High environments and enable multiple work environments to run effectively with diverse solutions. Using Jira Software, project managers and SCRUM masters are enabled to properly manage tasks and user stories, estimate and create sprint burndown charts, and track and manage the development of solutions across simple and complex workflows.
Confluence provides the wiki collaboration and documentation feature, often replacing SharePoint in agencies as the de-facto documentation tool. In unison Jira Software and Confluence enable traceability across written documentation networks and requirements along with deployment capabilities.
GitLab is the end all, be all for application development. From inception to operation, usability is intuitive, and maintenance is easy to keep up to date. It provides users the capability to host a code repository that allows team leaders to actively track and manage development stories, tasks, and implementation all while utilizing the underlying DVCS. GitLab also enables collaboration through the use of wikis, and can be hosted across different low, medium, and high security environments simultaneously.
Jira + Confluence + GitLab
While these services can provide incredible capabilities on their own, covering multiple functionalities under the DevSecOps tool chain, the true power of their scope is realized when they are combined. When this set of tools is applied together users are empowered to accomplish more through utilizing the main strengths of each tool, specifically:
Jira Software: Project Management and tracking
Confluence: Wiki documentation
GitLab: Code repository, CI/CD, and deployment capabilities
Jira, Confluence, and GitLab can be synchronized together easily using multiple add-ons and apps from the marketplace. Many are free, while others carry a licensing cost to attach them. Enabling GitLab and Jira provides you with a full view of Tasks, Bugs, and User Story development in the Jira work environment. While documentation is developed in Confluence, including Branches / Commits / Merge Request information, and notes in GitLab.
These tools when combined, create a functional strength in their unison. It is the combination that allows each tool to work more effectively for a wide range of common organizational needs. And most importantly, these tools can be deployed across multiple Federal and Commercial organizations in a variety of network conditions and implemented in preapproved FedRAMP environments. Implementing and enforcing Agile processes is essential in your Federal Agency. Jira, Confluence, and GitLab combined provide not only these capabilities in a secure environment, but also possess all the functionality required to keep your agency on the cutting edge of available technology.
How are you enabling Agile in your organization? Feel free to reach out, comment, or drop us a line and let us know! www.ascendintegrated.com
Before the technology giants of today, the automotive industry, a looming and monopolistic industry paved the way for manufacturing and innovation. Eventually, General Motors (GM), Ford, and Chrysler would come to define an entire century rich with innovation. At the center of it were the core lynchpins of engineering and process management: Lee Iacocca, Henry Ford, and a name not mentioned as often as deserved, but who was considered the Elon Musk of his time, John DeLorean.
A playboy, iconoclast, engineer, and overall ‘rebel’, DeLorean helped shape the future of the automotive industry using his charisma to inspire designs and engineering capabilities which would help to birth the muscle car era of the 1960s and 70s. What DeLorean represented, was entrepreneurship in its purest form – a man eventually willing to do whatever it would take to save his company and realize his stainless-steel vision. His charm and entrepreneurial spirit drove him from his leadership of GM to creating one of the most iconic vehicles, but his inability to harness and reflect on the repercussion associated with his actions led to his eventual fall from grace. This is the story of unchecked entrepreneurship, and why we should always reflect on the actions we take when building a business.
The Rebel At GM
DeLorean always saw himself as separate from traditional management, even from his time at General Motors he was known as a renegade executive. Casually wearing a Leather Jacket, open buttoned shirt, and jeans while attending meetings in stark contrast to the stifling 3-piece suit corporate culture of GM. This attitude is reflected in his work. As the head of Pontiac, he oversaw the reinvention of the brand from a blue-haired version of the Chevrolet into a muscle car by leading the design of the Pontiac GTO using clever marketing and design choices.
But his time at GM and his rise to the presidency was cut short when, in response to the public’s demand for a more compact car and the rise of the Ford Pinto, he led the Vega project. He would later lament his time at Chevrolet in “On a Clear Day You Can See General Motors” the car’s complete lack of quality engineering led to multiple issues on the test track. Further in the book, he described the GM bureaucracy, a near-monopoly over the automotive empire willing to engage in unethical practices to remain profitable.
GM was too big to fail, and its design by committee attitude and slipping standards frustrated DeLorean. But, as we will later see, he would also fall victim to similar issues at DMC. As he would go on to say:
Leadership and innovation are impossible. – John DeLorean
The DeLorean Motor Company (DMC)
Following his departure from GM in the early 70s (or ejection due to his outspoken nature about the company), DeLorean began working on his next project and founded DMC. Working with multiple government organizations, specifically in the UK, he secured a large loan valued close to £100 million to build a state-of-the-art factory in Dunmurry, Northern Ireland. His dream was to design an affordable, yet luxurious sports car that was fuel-efficient and aesthetically pleasing. The gull-wing doors were a staple of this vision. DeLorean had spent years promoting his car through ads to “Live The Dream – Today” and allowed dealerships who sold his car to have a percentage stake in the overall company.
This process overcame multiple production hurdles, specifically linked to delays and financing, DeLorean’s first DMC-12 rolled off the Dunmurry assembly line in 1981. While DeLorean continued to tout the car’s capabilities, its 0-60MPH time, and its aesthetic qualities, the largely untrained workforce along with the conflicts in Northern Ireland further delayed the ability for DeLorean to ramp up production. By 1982, these factors along with a changing political climate in the UK, recalls and repairs, alleged embezzlement, along with negative press over DMC’s single product began to take their toll on the company.
This led DeLorean to take extreme measures to save his company.
DeLorean saw his company as his ability to express his design and engineering talents to create something great. This is reflected in the urgency he expressed attempting to save the company. He flew and met with multiple potential investors and leveraged the network he built as a celebrity to attempt to salvage his company’s finances with new investors. In the end, he fell prey to his ego and his inability to compromise – and was caught in a sting operation by the FBI attempting to sell millions of dollars of cocaine in a last ditch attempt to save his company. The embarrassment he would have felt, as GM watched his company collapse, waned so intensely on his psyche he resorted to unethical and illegal activities to try to save it.
Upon his arrest, DMC quickly collapsed like a house of cards, and the factory was held together by a skeleton crew. 1983 would be the last year the DeLorean was rolled off the factory floor. DeLorean would later joke when trying to restart his business, “Would you buy a used car from me?” Even still, he began making plans for his third comeback.
The Spirit of Entrepreneurship
This comeback was to be based solely on an upgraded version of the DMC-12, but it never materialized, and DeLorean lost everything. In his last public speeches and appearances, he continued in the months before his death promising a resurgence in his company, his designs, and his vision of the automotive future.
It’s inevitable that the company comes back. – John DeLorean
His book “On a Clear Day You Can See General Motors”, no longer in print, highlighted a considerable amount of the management issues present within the company. Even choosing to delve into the details of the rushed design and development of the Chevrolet Vega, GM’s answer to the looming fuel crisis and the need for compact cars of the 1970s. Similar to Greek tragedies, DeLorean would ultimately become a victim of the same issues he identified.
For a man who wanted more than anything to be the next Enzo Ferrari, running multiple divisions of GM and DMC, his life would end rather quietly. Shunned from his business circles, he moved into a small condo in Morristown, NJ where he would pass away in 2005. At his funeral, he was laid to rest in a motorcycle jacket and blue jeans. Defiant until the end. He never gave up hope on a company resurgence, and even sold watches and memoirs to finance his next venture.
Unchecked, an entrepreneur may fall into this trap and do ‘whatever it takes’ to accomplish their goals, regardless of legality or ethics. DeLorean represents those raw qualities of an entrepreneur we love and hate: untamed, charismatic, narcissistic, brilliant, and uncompromising. Even with these traits, he eventually came to embody everything he hated about General Motors and all those stuffy and self-congratulatory board room members.
But, as we as entrepreneurs continue to grow, the case of DMC and John DeLorean can be used as a cautionary metaphor for business ethics and unchecked egos: that if we do not take active measures now and evaluate our actions, we may eventually become what we despise.
Organizations are always searching for ways to become more efficient and secure. With the rise of DevOps processes, organizations inevitably need to adopt, build, and deploy tools to support their growing development staff. These tools may include Jira, Confluence, Jenkins, MongoDB, and other applications and services on the marketplace.
With the list of tools growing, it’s important to keep all these tools organized, updated, and secure. This itself is a full-time job requiring multiple resources.
So, why not automate and consolidate your DevOps and DevSecOps processes?
Automatically Identify and Apply Updates
Imagine this: you have multiple tools deployed in your environment supporting your DevOps processes and most importantly – your development team. How do you keep on top of application updates and not interfere with your team’s support of these products?
One word: automation.
By having a tool intelligently pulling, scanning, testing and deploying updates as the updates to the applications are released ensures your environment remains secure and highly functional. This also enables your team to focus on continuing to provide DevOps tool support to your team.
Execute Security Scans
Categorizing and maintaining a list of Common Vulnerabilities and Exposures (CVEs) and findings for your security team can be a real hassle, especially when its spread across multiple DevOps tools.
Why not automate? The ability to automatically integrate with Twistlock, Anchore, or other security scanning tools on the marketplace to build a centralized list of CVEs and maintain these will be an automatic win for you, your security team, and your IT Auditors.
JetDock – the AI DevSecOps Platform
We focused on automation in this blog – but which tool on the marketplace is right for you?
JetDock – Ascend’s DevOps tool which enables the automation and deployment of new DevOps tools using AI and Machine Learning to automatically build, scan, and deploy containerized applications. Using state of the art frameworks, JetDock can be deployed securely within your environment and becomes a DevOps consolidation tool for your team; a one-stop-shop for maintaining your DevOps environment. The tool has already shown success with the U.S. Air Force, obtaining funding through AFWERX contracts and use in the Platform One program.
So you’ve got a great service desk system like Jira Service Desk in place, but customers are still sending emails directly to you for password resets or new hardware purchases. While adoption has gone well for some customers, others still want that personal interaction to allay their fears of choosing the wrong software license type or ensuring an employee gets onboarded within the week. How can we continue to deliver great personalized customer service while also promoting comfort and ease-of-use around your new Jira Service Desk? Here are some ideas:
Name your Service Desk: Sometimes having a system with a name and a mascot help to personalize a system so that users feel more comfortable using it. For example, you could name your system “SANDY” and create logo character based on one of your brands as a mascot. Your customer can think of it as asking SANDY a question rather than just typing a question into the Confluence knowledge base.
Give Thanks for the Heads Up: Did one of your customers report a possible problem early that saved a system from going down? Perhaps they suggested a fix that helped an agent close a ticket. Find a way to recognize those who help put out fires before they start. It’s a great way to encourage other departments to look for proactive ways to prevent issues from cropping up.
Customer Training: Maybe a customer is unsure of how to use the service desk and is still walking up to your desk or calling in issues? Be proactive, provide training and easily accessible videos to walk customers through the ticketing process so they are assured that you have received and are working on their request / issue. This could be a way to see from the customer’s perspective some ideas to improve your service desk processes, layout, and policies so that customers are more comfortable with the system.
Customer Usage Feedback: Too many fields for a user in the customer portal? Too many request or issue types? Simplify. It’s important for the user experience to have straight forward forms and easy to understand questions.
Create Meaningful Satisfaction Surveys: Provide users the ability to submit satisfaction surveys and make them easily accessible. For instance, after a ticket is resolved / closed, send an email to the customer asking to complete a customer survey. Make sure you also leave room for suggestions so that feedback can be used to create a better experience.
Interested in learning more about Jira Service Desk, Confluence, or the Atlassian Tool Suite? Contact us today!
Many organizations today have mature Service Desks and Support Centers. Service Desks for many companies begin as a one person IT shop or a customer relations person. For a small entity, a walk over to their desk or a quick phone call is all it would take to get a new workstation or to answer a product related question from a customer. One challenge many small companies encounter as they grow larger is how to scale their services without detracting from the customer experience or the quality of service. What used to be a stroll down the hall to the cubicle of the IT person and a sticky note placed on their monitor now goes unanswered. A call from a customer now gets routed to an automated phone system where they must listen to a recording and press zero to bypass all the options given to them by the recorded voice. How can you continue to deliver great customer service and keep up with the higher volume of requests?
Track everything – Offline sticky notes, emails, phone calls, and verbal walk-ups must be kept to a minimum. This can be a hard habit to break if your staff is used to this personal touch. It becomes difficult to prioritize different requests coming in and notify your customers when their order has come in. Using a tool such as Jira Service Desk enables a consistent intake for both internal and external customers. You should direct customers to use an easily accessible service desk portal. If you must continue to take phone calls and walk-ups, tickets can be created by agents to document the customer’s request in Jira. As a best practice, you should document how many of these offline requests you receive to recognize the need for training opportunities or better access to the customer service portal.
Promote Self-Service – While it’s always good to have a support specialist ready to handle customer requests, creating a knowledgebase with a Frequently Asked Questions (FAQ) will empower your customers and free up your Service Desk team. An important metric to track for self-service are view counts of these knowledge articles. Low view counts and high ticket counts for a related issue may indicate that your team must update your knowledgebase to make an article easier to find. Confluence, when integrated with Jira Service Desk, provides a searchable knowledge base which can provide these metrics in reports so that agents can make the best use of their posted knowledge articles for customers.
Create Realistic Service Level Agreements (SLAs) – As the adage goes, “Under promise, Over deliver”. Setting turn-around goals for your support team ensures that your customer is aware of the length of time a request takes to fulfill. This creates expectations around when something will be delivered to them. Many times, customers will try to get around these SLAs by going around the system (i.e. phone calls / walk-ups) or by stating that their own request takes precedence over others. It’s important to think about the types of requests that your service desk agents receive and try to create reasonable SLAs based on priority. One best practice is to calculate the impact (number of users affected) and urgency (how quickly something is needed) as part of a priority calculation. Creating a Priority Matrix with these factors is a good way to look at this. Jira has automation that can be created to calculate priorities using these variables.
After years of utilizing the Rational Suite extensively across programs and projects, the Department of Veterans Affairs (VA) is looking at other options for their DevOps and project management capabilities. Increasing collaboration across teams within OIT, and enabling the ability for teams to quickly adopt to change is key for DevOps to be successful within the VA and OIT. How can the VA do this? DevOps is not a quick implementation or a “quick fix” to challenges encountered across multiple organizations. Instead, it requires three components working together in order for a successful DevOps strategy to be implemented across an agency: policy & life cycle updates, cultural adaption, and tools to ensure enablement.
Policy & Life Cycle
The VA Veterans Integration Process (VIP) software development methodology was implemented in the summer of 2016 replacing PMAS. VIP was an attempt to establish an agile process environment that unfortunately continued to require the Rational process. The most positive aspect of VIP is allowing enhancement Release the freedom from Rational compliance. Post go-live release, e.g. Releases 1.1, 2.0, 3.0, 4.1, can use Agile, SCRUM, and modern tools. Now, whichever tools and approach the respective vendors have internally within their respective development environments is acceptable for VA project enhancement releases.
Within the VA, there are innovators such as Bill James, the Acting Principal Deputy Assistant Secretary, who support a swift transition away from the Rational suite and the adoption of modern tools to help transform their DevOps and project management capabilities. Most projects supported by the various T4NG vendors, are performing Agile with modern tools for Agile development, e.g. Epics, User Stories, Test Cases, Defects, Backlogs re: the SCRUM process. The new world of DevOps will likely be dependent on the adoption, implementation and administration of automated testing, deployment and monitoring tools. The administration of the Department’s Tools and Workflow is the opportunity to seize upon. Such as a Center of Excellence (COE) established and supported by the vendors for the VA.
Tools for Enablement
With the establishment of new policies around lifecycles and culture, comes the adoption of new tools that enable DevOps capabilities across the VA. The ideal tool for the VA would include integration capabilities with the current software tool suite utilized by the VA (i.e. Rational), along with the ability to support the entire DevOps process. Integration with the current toolset is key, as many tasks, stories, requirements and configurations will need to be translated from one tool to another. The DevOps tool suite will need to be customized to include stage gate reviews and processes as required by the VIP. Fields, configurations, permissions and notifications will be standardized across all of the projects, with only minor customizations added if required by the program or project manager. The tool should also require minimum training for users, most users should after only one or two training sessions, be able to begin utilizing the tool for their teams.
Next Steps for the VA
Implementing a new lifecycle policy, culture, and tools at the VA will ensure a consistent and repeatable approach to DevOps is taken within the agency. One tool with an extensive suite of capabilities utilized across multiple agencies is the Atlassian Tool Suite, Jira / Confluence / Bitbucket / Bamboo. Combining these tools provides users with a powerful, DevOps and Project Management focused tool suite highly customizable and flexible enough to meet the constantly changing needs of the VA. What do you think about enabling agencies to adopt DevOps practices?
Co-Authored – Michael Brown & Cavin Clayton of Ascend and Carahsoft