The DevSecOps Software Factory

Creating and running software with security built in as an industrial process


DevSecOps and Software factory included

Some people are talking about agile processes, some about the cloud, others about DevOps and automating the build process with a CI/CD pipeline. The common idea behind all these moves is enablement. Enable the team to do what it needs to do, giving power to the people.

There are serious concerns and a lot of questions. Should we go agile? Or should you aim for DevOps? What about security? There is a lot of buzz around all these topics. Will all the teams be able to manage all of this? What about legal aspects? Regulations? Security? Can we meet the requirements of all stakeholders? And so on…

Are you, as a manager, planning to establish a software factory? The two-day workshop is about the technical and organisational aspects of building the processes necessary to implement a modern software factory with DevOps and security aspects included.

The original proposal of a Software Factory is 20 years old. Since the original papers of Jack Greenfield and Keith Short there has been a lot of development. Open Source took over, and today we have agile methods, the clouds, DevOps and huge problems in security.

Time to renew the original approach and update all aspects of the original ideas.

2 days, online or remote. Maximum six participants.

With many years of experience I will guide you through the swamps of buzzword dropping, deserts of time, the cliffs of human nature and over the mountains of complexity of the journey to introduce the industrial process as the standard in your company.

It is all about enablement!

Most people focus only on some aspects of the process of introducing a software factory, or completely ignore the non-technical impact on the people, the teams and the organization.


The Four Pillars of the Software Factory

The CNCF US DoD DevSecOps process is used as a template to structure the actions to implement a software factory. Even if regulations keep you from using DevOps-like approaches, you can adopt the core concepts of the methodology.

We will talk about

  • Agile Working
  • Clouds
  • DevSecOps
  • Automation


We start a technical journey. However, tech is made by people. This has an impact on your team, your organization, your company and finally on your culture. We discuss the steps and hurdles for establishing a software factory in your company.

  • Organizational Changes
  • Cloud, private or public
  • The impact of automation
  • Security by default


We never start from zero, so it is necessary that you also bring in some experience. This requires at least some, but not all, of

  • classical project management, product owner or agile coach
  • understanding of the software development process
  • basic understanding of clouds
  • basic understanding of automated build processes

Intended Audience

Do you feel the responsibility to change the way software is delivered and run by your team, your organisation or your company? Is there demand for change? Do you have the impression that your knowledge is incomplete and you need a broader overview?

Then you should have at least some of the skills of a

  • C Level
  • project managers, agile coaches, product owner
  • head of development, head of devops


The goal of the workshop is to get an overview of the necessary steps to establish the software factory in your organisation. What are the prerequisites? What are the necessary steps? How long will it take? What are the benefits? What are the risks and how to address them? In particular, we talk about


What can be measured and what not?

  • how to measure success of the project?
  • what is the timeline of the change?
  • how many resources do we need to spend?


Why are we starting the journey?

  • identify the advantages of the software factory
  • usage of automation
  • impact on security
  • impact on performance
  • key metrics

Potential pitfalls

What can and what will go wrong and how can we mitigate failure?

  • agile processes are change processes
  • pseudo approaches
  • cloud costs
  • security faults
  • supply chain security