Pentagon Revamps Tech Strategies to Advance DevSecOps
Updated Pentagon software development strategies streamline processes, enhance security and drive operational innovation.

The Defense Department released a series of new guidelines and initiatives this year to advance modernization, embrace DevSecOps and enhance security.
“The department started this back in 2019,” DOD Director of Cloud & Software Modernization George Lamb said during a meeting of the GovCIO Media & Research DevSecOps Working Group on Friday. “That’s when the true transformation for DevSecOps first kicked off. A lot of what we do is at strategy and guidance level.”
In October, DOD updated its DevSecOps fundamentals document , which outlined a modernized approach to software development. The revised edition emphasized faster delivery, tighter security and improved collaboration across the software development lifecycle. Lamb said the document used to be more of an “aspirational guide” and that the updated version is more practical.
“[The version released in October] takes us to the current state of where we are after four years of the journey,” Lamb explained. “This fundamentals document is designed for the department and programs that are trying to understand where they are, how to adopt cloud and how we take the different authorities and equities that are distributed across the department.”
Lamb also highlighted the Pentagon’s shift from point-in-time security checks to continuous authorization in the DevSecOps process. Lamb said that the “DoD Continuous Authorization Implementation Guide” document released in April, outlines a more dynamic approach.
“It’s a concept that’s been around for a while, but we’re trying to drive that home as the new standard to replace [authority to operate] really looking at the supply chain, the secure supply chain, making that the fundamental premise for how you do ATO,” said Lamb. “Getting rid of that concept where ATO is something that happens at the end you hand over a product, and then your security team comes in and they look at it without context.”
Lamb noted that the continuous authorization process can identify and address security vulnerabilities much faster, reducing the time it takes to deploy software. By integrating security into the development process, DOD aims to build more secure software from the ground up, Lamb said.
“We believe that security without context is really not secure,” said Lamb. “That context is how you get a lot of the smarts, and the supply chain is where you get that context.”
Additionally, Lamb emphasized the department’s recent document, which aims to optimize cloud spending and ensure the department gets the most value for its investment in cloud. Released in October 2024, the “DoD Cloud Financial Operations Strategy” outlined ways to manage cloud computing costs within modernization plans and efficiently manage cloud resources and budgets.
“Each of the services have their own cloud service offices, and that’s where we’re seeing inconsistent ways that financial operations are happening,” said Lamb. “We’re trying to bend the best practices from using the cloud effectively into the department, turning that into department-wide policy.”
Lamb said the department’s DevSecOps updates help modernize DOD by accelerating software delivery, streamlining processes, managing cloud more effectively and prioritizing security throughout the software development lifecycle.
“[It’s a] transformational process, trying to get DevSecOps encoded through the department,” said Lamb.
This is a carousel with manually rotating slides. Use Next and Previous buttons to navigate or jump to a slide with the slide dots
-
Navy Memo Maps Tech Priorities for the Future Fight
Acting CTO’s memo outlines critical investment areas, from AI and quantum to cyber and space, as part of an accelerated modernization push.
5m read -
DOD Can No Longer Assume Superiority in Digital Warfare, Officials Warn
The DOD must make concerted efforts to address cyber vulnerabilities to maintain the tactical edge, military leaders said at HammerCon 2025.
4m read -
Marine Corps Operation StormBreaker Slashes Software Delivery Timelines by 17x
New program aims to deliver critical digital capabilities to warfighters at the "speed of relevance" by overhauling traditional processes.
4m read -
Trump Orders Spark Government-Wide Acquisition Overhaul
As Trump pushes for a faster, simpler procurement system, agencies are leveraging AI and adapting strategies to meet new requirements.
5m read -
A Look at Federal Zero Trust Transformation
Recent developments from CISA and DOD show how government is advancing zero trust quickly.
20m read -
Army Combines Commands to Propel Innovation Under New Transformation Plan
Lt. Gen. Miles Brown outlines a new transformation strategy after the AFC–TRADOC merger to integrate new technologies within 18 months.
4m read -
AI Enables Coast Guard’s Workforce to Transform Operations
The Coast Guard’s Deputy CIO Brian Campo delves into the ways AI is pushing the service to rethink its core services, workforce and operations.
14m watch -
New Army Acquisition Plan Cites Autonomy, Predictive Analytics
Officials outline how the Army Transformation Initiative signals a broader shift toward efficiency with tech and acquisition reform.
4m read -
Software Factories Accelerate Federal Modernization Outcomes
IT leaders from Nutanix and SAIC explain how software factories streamline tech development, modernize legacy systems and accelerate adoption of emerging technologies like AI.
34m watch -
AWS Summit: Innovation Accelerates IT Delivery at DOD
Marine Corps Community Services is tackling outdated IT processes with agile development and cutting-edge cloud security to deliver mission-critical capabilities faster.
12m watch -
AI Revolutionizes Defense Decision-Making
AI enhances access to vital information for defense leaders, empowering faster, more informed decision-making on and off the battlefield.
29m watch -
DOD's Tech Advantage Hinges on Commercial Collaboration, Says DIU Director
Seamless public-private sector integration is crucial for national security to compete with global powers, DIU Director Doug Beck said.
4m read