[bladegash]

Have certainly seen and experienced what you did, so I hear you. However, there are improvements slowly being made to be optimistic about. DevOps (or DevSecOps as they like to refer to it now...) is definitely becoming a more ingrained practice. If you’re interested, take a look at initiatives such as Cloud One, or some of the work being done by GSA (especially 18F) and USCIS (of all places).

Interestingly, the 21st Century IDEA Act mandates compliance with the USWDS now (at least for publicly facing sites) and there is a maturity model built around it. We’ll see whether or not agencies comply, but it’s a step in the right direction.

[adbachman]

I'm curious how you've heard about USCIS' work / style?

I'm new to the system, so this is the only one I know (wrote about joining here: https://twitter.com/abachman/status/1217795232449859585), but I'm currently on a team of 6, all feds: 1 designer, 1 product mgr, 3 engineers and I'd say we're fairly to extremely self-directed. User-research based product development, pair programming, short iterations, deploying daily, all that jazz. Just a variation on the same sort of thing I've seen in the tech-first / software-product-company gigs I had in the past, but I've mostly worked for smaller indie or niche companies.

That is, I get to work in a way and with people and tools (Rails + React at the moment) that makes sense to me. How far outside the norm are we and where could I go to learn more about the whole system?

[bladegash]

Other than previous work experience at DHS, bidding USCIS solicitations was the biggest difference I had observed with USCIS/way I became familiar with their practices. They’re pretty unique/developed with both their acquisition and DevOps practices.

It kind of sucks being on the bidding end, as their tech challenges cost a ton on top of the normal costs with a proposal. But I can understand why they do it and from an acquisition perspective, it makes total sense. I think they will need to strike a balance at some point though - some of their tech challenges are too complicated for the timelines provided.

In terms of development practices, it is pretty much all DevSecOps and they make heavy use of independent verification and validation/QA, and even more importantly, are pretty mature in their adoption of it.

So to answer your question, you guys are pretty far outside the norm in a good way :-).

Not sure the best way for you to be able to learn more other than to do some networking in the DC area (post COVID). If you get the opportunity, there’s a ton of great meetups in the DC area, although if you’re taking the MARC those can be a challenge to attend after work due to train schedule limitations. Other than that, move around to/visit different agencies and get exposure to their work. Work with your PM to see if you can do some site visits to other agencies/organizations as part of professional development and such.

[adbachman]

Ah! This is interesting info and helpful, thanks!

I was on the cusp of attending some cross organization "for feds" tech meetups back in March, but... :| I'll keep on the lookout.

[xeemzorz]

[deleted]

[bladegash]

Have you tried reaching out to Nicolas Chaillan or anyone within the AF CSO about some of your observations regarding where Cloud One/Platform One are missing the Mark? Nicolas is pretty active on LinkedIn and he may be open to input that could lead to some positive changes.