Small agencies and bureaus manage billions of dollars and have missions integral to Federal government operations and services for the citizens of the United States. While Cabinet-level Departments often have tens of thousands of employees, the vital work done by smaller organizations is accomplished by teams with well under 1,000 employees. These Federal agencies need partners with the agility to help them maximize each dollar they spend on the technologies and tools that drive their mission.
Small agencies have different cultures, operating environments, and budgets than Cabinet-level Departments. For instance the Millennium Challenge Corporation is an independent agency that delivers foreign aid according to criteria different from USAID and the State Department. They don’t rely on the same tools or processes as these larger organizations to carry out their data driven, grant-making, yet are equally if not more effective. The Substance Abuse and Mental Health Services Administration (SAMHSA) is an agency within the U.S. Department of Health and Human Services (HHS) that leads public health efforts to advance the behavioral health of the nation. However, the research and financing around behavioral health is historically less than and distinct from other health conditions. These are just two examples of small agencies that have unique missions and operations. A one size fits all approach often taken by large vendors and contractors won’t work in these environments.
An Approach for Working with Small Agencies
Doing more with less: With limited IT resources and budgets, small agencies need light weight, open source solutions tailored to meet their organization and mission. Large consulting firms often propose heavyweight solutions that are costly both out of the box and to customize for specific environments, quickly draining budgets while failing to deliver value quickly.
Small agencies require partners that ask, “What is needed in this organization and what solutions will deliver value for every dollar?” They cannot afford to work with vendors who ask, “How can we sell them what we have and increase our profit margin through additional licenses and add-ons?”
Building Honest Relationships: Because they have unique operating environments and missions, small agencies benefit from partners committed to understanding them and their needs. This requires partners that allow access to executive teams, a commitment to open communication, and a highly collaborative approach.
Small agency CIO shops are usually composed of tight-knit teams with strong relationships. So contractors need to appreciate and understand how CIO teams work together in specific environments. These shops should look for partners that tailor their approach accordingly while integrating or maturing industry best practices such as Agile development and DevSecOps. This might mean taking the time to do Agile coaching and transformation and working with IT leaders across organizations to extract the most value from Agile practices.
Understand the Technology Environment: A rigorous technology assessment can help small agencies strategically prioritize existing backlog items, identify new challenges, and build an incremental roadmap for technology modernization. Incremental and iterative are key approaches at small agencies that may not have the budget or need to bring in new technologies all at once.
For example, an assessment can show how an agency can leverage existing assets and use an interactive approach in developing a DevSecOps pipeline that improves security in DevOps without overhauling their entire architecture.
DevSecOps helps agencies improve promotion speed, code quality, end-user experience and integrates cybersecurity into all steps of the product life cycle. However, many of the technologies that support systems like AWS’s pipelines are designed for private sector companies operating at vastly larger scales than what most federal agencies require, and take significant resources and time to move to the new infrastructure. Small agencies need to right-size their DevSecOps approach by:
- Identifying near neighbor technologies: By using things that are in or relate to your enterprise architecture, you don’t need to upend your whole infrastructure. Many projects already have appropriate tools and software to automate testing, deployment, and environment configuration.
- Using an iterative approach to transition to DevSecOps practices: Roll out DevSecOps practices and technologies piece-by-piece. This allows the DevSecOps team to adopt practices or tech in an order that addresses the biggest pain points first and will have the most positive impact for the team and project at each step
Organizational and technological agility, high-level collaboration, and cultural fit between agency and contractor are key areas for helping small agencies achieve their missions. Smaller contractors have an advantage in achieving results in these areas because they are more likely to understand how to tailor their approach to specific environments and missions, have a flatter organizational structures which allows more effective collaboration and leadership involvement, and understand the import of maximizing existing assets over importing brand new systems and tools wholesale.
Article | No, You Don’t Need Kubernetes for DevSecOps
Article | Integrated DevSecOps with Separate Federal Dev and Ops Contractors? Yes, It Can Be Done.