DevSecOps Enables VA’s Digital Transformation

The Department of Veterans Affairs’ Office of Information and Technology is using DevSecOps to enhance processes, develop new solutions and provide better services to veterans, Todd Simpson, VA’s deputy assistant secretary for DevSecOps, said during GovernmentCIO Media & Research’s Disruptive DevSecOps virtual event.

“I’ve worked very hard with my team to put together a set of strategic priorities that I believe are going to be transformative and put the organization exactly where it needs to enable the mission of the VA and provide value and services to the veterans,” Simpson said.

Simpson joined the agency in July and has initially been working to build out the agency’s product lines, one of seven priority areas, toward furthering overall software development and cybersecurity in the agency’s modernization strategy.

Simpson outlined the seven priority areas: customer outcomes, metrics and visibility, upskilling workforce, streamlining business functions, product line maturity, creating a modern software factory and expanding cloud platforms.

Streamlining business functions has enabled VA to gain full visibility into the organization, drive accountability and better position its Agile Center of Excellence, he said.

Simpson has been taking an incremental approach to DevSecOps implementation, recognizing the large cultural shift that is required before making any major reorganizations. In support of that, Simpson said a large focus area at the VA is upskilling its workforce.

“We have an ‘all-employees’ survey to guide the types of endeavors that I’m going to put in action. I want to connect with my staff and to make sure that they see that I’m actively listening to them,” Simpson said. “We do that in a variety of forums that are all part of this cultural transformation.”

Maturing the product lines will help align the business with the developers to drive a human-centered design and iterative development, Simpson said. This will enable better leveraging cloud, software-as-a-service and automation.

The department’s VA Enterprise Cloud (VAEC) serves as the foundation for these innovative solutions.

“[VAEC] is the only way to offer our SaaS solutions, which are at the top of the spectrum,” Simpson explained. “VAEC offers us that foundation for our continuous ATOs, security inheritance, ability to scale and our on demand environments.”

Simpson has worked to build out a tool ecosystem that is broken down into various phases of the DevSecOps life cycle by conducting base inventory and accounting to define governance around future architecture.

“If we have a governed set of tools, it will get us to this future state,” Simpson said.

VA is currently looking for new and innovative ways to do business. Simpson outlined a few of the department’s target areas moving forward, including AIOps, machine learning, network analytics, hyper-automation, robotic process automation and rollout of its new electronic health record.

“We’re looking at anything that can automate our processes in ways that are adding impact and making it easier to spin things up and to reuse. We want to think about efficiency,” Simpson added.

As VA continues on its transformation journey, Simpson said that the department will use an Agile approach, a DevSecOps mindset and an iterative deployment model to drive down any release that isn’t occurring under 90 days.

“We’ve got some product lines that are released every two weeks. That’s really the target goal for all 32 of our product lines — to get to that cadence where it’s persistent releases and we’re really walking the walk,” Simpson said.