
Bryan Guinn

Technology Executive - DevOps Lead Air Force & Space Force | SBIR/STTR Focused | Angel Investor

As a highly accredited IT executive, Bryan Guinn is helping the Department of Defense embrace DevSecOps. Having been in the technology industry for a majority of his life, Bryan has always been driven to be at the frontier of developments in this field, helping clients develop secure technology solutions for Internet-facing, mission-critical systems and assisting them throughout the solution life cycle. Bryan now helps serve the Department of Defense community in their efforts to embrace DevSecOps best practices and streamline accreditation for CloudBees. When Bryan's not hard at work, he enjoys training Wing Chun with his boys and spending time with his family.

The Engine Inside Successful Software Factories

What is a software factory and why does the government care? A software factory is an organized collection of software assets, tools and processes that expedite the production and delivery of software solutions. A good software factory requires automation to connect the processes, tools and people into high-functioning pipelines to deliver software that is always deployment worthy. A common term for this approach is DevSecOps.

We have seen several best practices emerge regarding software delivery and achieving increased quality, security and speed of DevSecOps at scale. Enduring success for these organizations happens when they fold their program management and governance goals into the DevSecOps processes around their toolchains. The programs start to benefit from greater management insight into performance, and they have an easier time scaling their automation initiatives, which drives further efficiency. They also gain the ability to automatically gather data from across their DevSecOps processes and delivery pipelines.

We will look at five key strategies driven by a software factory.

#1 - GitOps - Configuration as Code (CasC)
#2 - Supply Chain Security
#3 - Automating the Release Process
#4 - Metrics and Value Stream Management (VSM)
#5 - Hybrid Cloud/IT Modernization/Digital Transformation

The Importance of Automation and DevSecOps Methodologies for DOD Digital Transformation

DevSecOps is crucial for Digital Transformation as software has become an essential component for every organization and resilient space capabilities. As software systems become more complex, ensuring their security and reliability becomes more challenging. Automation and DevSecOps methodologies help organizations to enhance the security of their software supply chain and reduce the time taken to resolve security issues/bugs through automation, resulting in improved efficiency and agility while removing error-prone human-driven processes. Automation and agile practices are being adopted by nation states, companies, and programs leading in digital transformation for maximum impact. The talk explores how Digital Engineering and DevSecOps combined yield real mission impact and how this is achievable through existing research and development completed by the Air Force RogueONE group, focusing on Digital Transformation, Digital Twins, and Digital Engineering for air and space capabilities.

Building Resilient Security: A Systems Approach to Continuous ATO and Secure Software Supply Chain

To keep mission-critical applications and warfighters secure, Application Owners (AOs) need a real-time assessment of software security and compliance. However, relying on process-based or point-in-time assessments leaves vulnerabilities. A systems-wide approach to software supply chain security and continuous Authorization to Operate (ATO) is necessary. This approach, based on an approved reference architecture, provides ongoing visibility of key cybersecurity activities inside the system boundary and continuous monitoring of controls, and it enables proactive cyber defense. It unites tools, stakeholders, and controls to ensure continuous security and compliance, resilience, and adaptability, and to eliminate blind spots. In this context, Bryan Guinn, Air Force and Space Force Lead at CloudBees, explains how a systems approach to continuous ATO can harden security posture, enable warfighters faster, and make programs more resilient. The key concepts discussed are: 1) a secure software delivery supply chain is the key to continuous ATO, 2) Mean Time to Mitigate should be the most important security metric, and 3) a multi-layered blueprint for Continuous ATO.
