This paper presents the lessons learned, observations, and insights from a 12-month experience observing a software development effort for a large, well-funded, and highly regulated program that adopted Agile and DevSecOps principles during a 12-month iteration of software development. The program was originally set up to use the waterfall software development approach with a traditional earned value (EV) scheme and had completed several iterations of development using this structure. The program then shifted to using a combination of Agile and DevSecOps. In this paper, we describe challenges encountered during this transformation that inhibited realization of some of the benefits associated with Agile and DevSecOps. Largely, these challenges were a result of poor planning, engineering, and communication.

We present this advisory account to others undertaking similar DevSecOps and Agile transformations, particularly in large organizations, so that they may better strategize methods to diminish similar shortcomings and increase the odds of a successful transformation.