Case Study

Defense Contractor Employs Motion to Push Forward Software Factory with DevSecOps

Challenge

Every organization that wants to be competitive in the digital era is taking a hard look at its software practices to move faster with greater efficiency, scalability, reliability, and security.

For a Fortune 100 aerospace & defense contractor, that hard look was the first step toward developing a software factory for the entire organization. Built on DevSecOps, it would let engineers use end-to-end automation to simplify deployment of apps and infrastructure across all stages: to plan, build, test, release, operate and manage the software delivered to customers effectively, securely, and at scale.

Solution

Realizing they had a skills shortage in critical areas (AWS, Kubernetes, and DevSecOps), the client turned to Motion to begin this complex engagement, which also covers activities around Cloud and Cyber as well as DevSecOps.

What appealed to them was Motion's ability to coach team members and bring them up to speed, as well as its ability to integrate with the team in their architecture and engineering efforts.

A Motion AWS DevSecOps team was assembled and immediately set to work. The sponsor team they are integrating into is the DevSecOps Platform Team, but they are working collaboratively with various Leadership, Cyber, Cloud, Infrastructure and Development stakeholders.

The goal is to finish a first iteration software factory that is a minimal viable product.

Activities underway thus far include:

  • Established software factory flow from front end out to the environments
  • Laid the groundwork for a DevSecOps framework
  • Collaborated and built on the architectures already in place, bringing them to documented first draft completion
  • Coached team on Agile Threat Modeling and made it scalable for the whole org
  • Engineering and collaborating on Terraform modules, compliance as code, artifacts, vaults, container and orchestration security, workflow integration
  • Working with other teams on firewall and higher-level Cloud infrastructure required
  • Building out GitLab pipelines and infrastructure with team
  • Engineering initial EKS stack with team
  • Building out a minimal Proof of Concept for unified observability
  • Working with Cyber and DevSecOps team to help with Prisma Cloud
  • Building out container and orchestration security practice with team
  • Documenting and testing tool selection and collaborating with team on choices for the whole chain
  • Building out the user guide with DevSecOps team
  • Working with team breaking out architecture into epics and sprints to be able to quickly iterate and track progress
  • Collaborating with consumer development teams that will be using this software factory to test out the process and document any inefficiencies or issues to build a backlog

Results

While results on this kind of engagement take time to bear fruit, early reports are promising.

  • We’ve completed AWS GovCloud engineering around serverless and Kubernetes to assist the DevSecOps platform team in building the foundation of their software factory.
  • We’ve started Agile Threat Modeling (focus on Risk).
  • We’ve completed some Kubernetes training around container and orchestrator security, networking, architecture, and so on.
  • We are building GitLab orchestration pipelines to provision environments through infrastructure as code (Terraform) using continuous delivery.
  • We are doing cyber engineering: all things cyber around Cloud and Kubernetes contexts, with benchmarking, building out security tools and observability, network policies, controls, security best practices, and so on.