Revelations from an Agile and DevSecOps Transformation in a Large Organization: An Experiential Case Study

Abstract

This paper presents the lessons learned, and the observations and insights gained, from observing a software development effort for a large, well-funded, and highly regulated program that adopted Agile and DevSecOps principles during a 12-month period of iterative software development. The program was originally set up to use the waterfall software development approach with a traditional earned value (EV) scheme. It completed several iterations of development using this structure. The program then shifted to using a combination of Agile and DevSecOps. In this paper, we describe challenges encountered during this transition that inhibited realization of some of the benefits associated with Agile and DevSecOps. Largely, these challenges were a result of poor planning, engineering, and communication. We present this advisory account to others undertaking similar DevSecOps and Agile transitions, particularly in large organizations, so that they may better strategize and prepare methods to diminish similar shortcomings and increase the odds of a successful transition.