AWS re:Invent 2023
How Lockheed Martin Builds Software Faster Powered by Devsecops Dop323

Title

AWS re:Invent 2023 - How Lockheed Martin builds software faster, powered by DevSecOps (DOP323)

Summary

  • Lockheed Martin, the world's largest defense contractor, has undergone a transformation journey to improve its software development process.
  • Alan Horn, director of software security at Lockheed Martin, discussed the company's transition from a slow, methodical approach to a more rapid iteration process while maintaining mission-critical and safety-critical standards.
  • The company faced challenges due to its size, geographic distribution, and the classified nature of its work, which required isolated, closed spaces for software development.
  • Lockheed Martin adopted a bottom-up approach to transformation, leveraging feedback from passionate individuals across the business to drive change.
  • The company moved to a common DevSecOps platform using GitLab and AWS, which allowed for scalable, automated builds and deployments, improving deployment frequency and reducing risk.
  • Key metrics for success included the DORA metrics (deployment frequency, change failure rate, mean time to repair) and the number of users on the platform.
  • Future visions include leveraging sovereign cloud regions for global operations and incorporating generative AI to enhance developer productivity and system design.

Insights

  • Lockheed Martin's transformation journey emphasizes the importance of a bottom-up approach, where feedback from the front lines is crucial for successful change.
  • The company's move to a common DevSecOps platform highlights the benefits of a unified approach to collaboration and asset management.
  • The adoption of GitLab and AWS has led to significant improvements in deployment frequency and scalability, demonstrating the effectiveness of cloud-native architectures.
  • Security is deeply integrated into the development process, with security experts actively participating in the DevSecOps lifecycle.
  • The discussion on generative AI suggests that organizations need a mature software engineering lifecycle foundation to fully benefit from AI advancements.
  • The transformation journey at Lockheed Martin serves as a case study for other large, geographically distributed organizations facing similar challenges in software development and security.
How John Hancock Revolutionized Its Mainframe Insurance Admin on Aws Biz220How Netflix Uses Aws for Multi Region Cache Replication Nfx304