An official website of the United States Government
Here's how you know

Official websites use .gov

.gov website belongs to an official government organization in the United States.

Secure .gov websites use HTTPS

A lock ( lock ) or https:// means you’ve safely connected to the .gov website. Share sensitive information only on official, secure websites.

Deputy CIO for Information Enterprise Danielle Metz and DoD Chief Software Officer Jason Weiss Hold a Media Briefing on the DOD Software Modernization Strategy

DCIO(IE) DANIELLE METZ:  Good afternoon everyone, really appreciate you participating today in this -- today's media roundtable, what I wanted to do is just provide a little context in terms of where the department has been on this journey in terms of evolving from the 2018 DOD Cloud Strategy to the Software Modernization Strategy that was just signed out last week by DSD Hicks.  Our journey started in 2020, when we recognized that we had a significant problem but we weren't capturing what that problem set was, and what we wanted to be able to do was to take a step back and crystallize what the problem was.  So that we can ensure that we were delivering what was needed as a solution set for the warfighter, and what I mean by that is we spent, and the Federal government has spent, a lot of time advocating for people to move to the cloud.  But we never thought about what it would be once we were in the cloud, and that's where you're really harnessing the power of cloud and compute.

Where you'll able to natively build and develop software applications in the cloud and continuously do it and have incremental capability out to your -- to your workforce and for the department and to our warfighter.  And what we wanted to be able to do was, now that it was expanding and beyond just going through the cloud, how do we go about transforming our business processes to ensure that we had agility in each and every step of the way.  From how we go about contracting, acquiring, testing, evaluating, delivering software and that's where we came up with a problem set of you have a set of technical enablers and business process transformation that needs to take place, in order to deliver software at the speed of relevance.  And at each and every space, we recognize that this wasn't one organization within the department who owns this problem set, and we wanted to be able to combine the superpowers of -- of the office of secretary of defense, that's the DOD CIO, that’s acquisition and sustainment, or what we call A&S, or our research and engineering which R&E, and together we are able to remove impediments and roadblocks within our current processes and figure out ways, in partnership with the military departments, the combatant commands, our defense agencies and field activities.  To be able to streamline, improve, update or sometimes just revolutionize our policies and guidance and standards, in order for us to be able to democratize the exceptionalism that you see in pockets over the past few years, from our Air Force Cloud 1, to Navy's Black Pearl, all these different types of software factories that are taking place.  We've had to create exceptions for this exceptionalism and now we want to be able to make sure that we inculcate that into the DNA of the department, so this is business as usual, and we are streamlining what our processes are, really harnessing the technical enablers to be able to deliver that type of capability to our warfighter.

And so this has been a two-year journey for us, and I am just over the moon thrilled that we were able to get the -- the senior leadership endorsement of the vision, and how that fits into the broader department's vision for Joint All-Domain C2, for acceleration of AI and data and how software modernization is really the underpinning activity for those endeavors.  And that here we are, internally to the CIO, where we really cultivated to ensure that we had the right talent, to be able to lead us to this next chapter, and so now I would like to introduce Jason Weiss.  He is the department's first Chief Software Officer and it was under his leadership that we were able to galvanize this group of -- of very much like minded, exceptional people across the department, and really serve as a catalyst for us to be able to have our Software Modernization Strategy.  And so with that, Jason I'll turn it over to you.

CHIEF SOFTWARE OFFICER JASON WEISS:  Thank you ma'am.  So just a couple of prepared remarks here.  You know, software, it -- it touches every part of our lives today, and it also touches the warfighter as the modern battlefield has become a software defined environment.  Our competitive advantage at the department both today and tomorrow, is really reliant upon this strategic insight and this proactive innovation, and effective technology integration and all of that is enabled through software defined capabilities.  So software modernization recognizes that our warfighters require high quality and highly secure software running against trusted data sources.  It also acknowledges that the ability to quickly deliver the resilient software at the speed of relevance, whether through reuse, acquisition or custom development, it must also become so prevalent that its part of our DNA and its inextricably part of that DNA.  The DOD Software Modernization Strategy has set this path for technology and process transformation that Ms. Metz talked about, and this is going to enable the realization of a very profound vision for how we bring software into the warfighters hands.

It is one of the set of sub-strategies of the DOD Digital Modernization Strategy.  It builds upon and evolves and replaces, the DOD Cloud Strategy from 2018.  Given software's role and pervasiveness across all aspects of mission capabilities in supporting infrastructure.  Implementations to success of this strategy will rely heavily on our partnerships across the department.  Beyond the technology, the strategy truly reinforces the need to attract and retain workforce talent.  We need to hire talent into our leadership positions, and we need to initiate upscaling efforts to successfully compete.  No one can be left behind in this journey, either military service member or a civil servant.  In this era of competition and the race of digital dominance, we simply cannot settle for incremental change anymore.  The department must come together to deliver software better and operate as a 21st century force.  So I'd like to thank everybody for dialing in today, and I believe we'll open the floor for questions at this time.

STAFF:  Thank you sir.  Let's go first question to Ellen Milhiser with Synopsis.

Q:  Good afternoon. Thank you guys so much for doing this.  I noticed in the strategy that you put out that you talk about not only warfighters use of software but also healthcare providers.  So if you could tell me, how did the ongoing Genesis Project inform this new strategy and how will it impact -- how will the new strategy impact the ongoing implementation and acquisition of Genesis?

MR. WEISS:  Ms. Metz, do you want to field that one?

MS. METZ:  Yes. I know that what MHS Genesis has been doing is some modernization activity, very much focused on the network and then, in terms of moving their data to the cloud.  And so, their experiences absolutely did inform how we go about doing software modernization and recognizing that we needed to make sure that we have cogent coherent strategy to -- to an end where we're able to rethink how we're going to deliver capabilities, and is really instead of going a flash to bang, that we're going to have to be able to deliver capabilities as minimum viable products and then quickly build upon them.  Constantly testing, evaluating and taking user feedback, and so its really just an expansion of what the -- the department -- the Defense Health Agency with MHS Genesis has embarked upon, and so this is things for them to be able to use to help them really be successful in terms of the -- the modernization activities that they're currently underway with MHS Genesis.

Q:  Thank you.

STAFF:  Ellen, did you have a follow up?

Q:  I'm not a technical person. So I'm not even 100 percent sure I understood everything she said.  I'm a little bit confused by -- so DHA said we're going to get commercial software and they got the Cerner product.  How does that, was that completely separate from you all creating this strategy or did you all look at what they did, and say that's a great idea we need to do it everywhere else?  I -- I'm trying to understand the interplay here.

MS. METZ:  Yes.  Certainly.  So I think that, you know, the idea of doing software modernization in DevSecOps is nothing new, what we really wanted to be able to do was to elevate that mindset across the board.  So that it could be a department endeavor and not just, as we've said before, pockets of excellence.  So you could see some of the work that DHA was doing with MHS Genesis, their doing a lot of much needed infrastructure updates.  They partnered with Cerner in terms of their data centers.  Once they are using the data centers, then they are able to do a little bit more of DevSecOps natively building capabilities within the cloud instead of having to rely on physical infrastructure and data centers, how we've traditionally have -- have done that.  So yes, the strategy was in part inspired by a number of activities, even within the Air Force, the Navy, the Marine Corps.  The question was, how do we make it so that the entire department can benefit from this modernization?

Not just those who have the means or those that are trying to break glass within their sphere of influence.  We really wanted -- and you hear Jason and I say this a lot.  We really wanted to be able to democratize exceptionalism and that's taking us to the next level in terms of having -- how do our department's leaders think about and talk about IT?  And its not just a back office function, it truly is something that allows us to be able to execute our mission, and when you have really good technology and you have people who are actually able to use it and you have improved processes to be able to enable the speed to which people can use their technology more agilely.  That's what we mean by software modernization and that strategy is really being put forward for the benefit of the entire department, and I do hope that -- that does answer the question.

Q:  It does.  Thank you so very much.

STAFF:  Thank you, Ellen.  Let's move next to Jared Serbu with Federal News Network.

Q:  Yes.  Thanks, Russ.  Thanks to both of you for doing this.  I want to go back to the concept of scaling and integrating the software factories, and I take the point, that I think you both made about a lot of this being culture.  But -- but don't you also need some policy levers you can pull that -- that lets you say to PEOs and PMs, no you actually can't build your own IT infrastructure.  You can't build your own waterfall software project to make your thing go.  Do you have those levers?  Should we expect to see policy changes to implement those kinds of things?

MR. WEISS:  Yes.  Great question.  I'll -- I'll start.  So, today the department has 29 software factories and that covers all the different services.  So we're starting to see some curious ground as well of -- of traction around that.  The memo that corresponds with the Software Modernization Strategy names the software modernization senior steering group as the governance body for -- for driving this.  Right?  And so for example, through that governance group we've created things like a container of governance task force to bring together best practices and to recommend into that governance body what types of policy changes we should consider for commercial technology insertion in the form of software containers.  That's just one isolated example, but we see this picking up more and more speed and momentum especially given the number of software factories.  We're seeing lots of lessons learned start to percolate to the top and a lot of collaboration taking place through things like our DevSecOps community of practice.  So it is a living and breathing ecosystem and we are going to be looking at and listening to those software factories, to determine what policy changes to prioritize and -- and when to effect them.  Ms. Metz, anything to add?

MS. METZ:  Yes.  I think the only thing I will add is, that's the reason why it is so important for us to have that partnership with A&S, because they are able to really reach out into the PEOs, the PMs.  Those who are responsible for a lot of the -- the software activity is taking place, or associated with programs of record.  So they've been doing a lot of policy changes over the past couple of years to be able to help streamline that, and then our partnership with R&E as well.  So that's -- that's the reason I think its really important for us to note that this isn't just a DOD CIO endeavor.  The memo clearly articulated the -- the three OSD components and how that we work together and provide the stewardship and leadership for the department, and of course, a constant collaboration with the military departments, the defense agency field activities and the combatant commands.  So I think this is the first step in terms of codifying some of the activities that we've been doing for the past two years, and so this really sets the stage for us to be able to accelerate the policy and direction guidance based on the feedback and continued collaboration that we have with these different fora as well as the community practice that Jason mentioned.

Q:  If I can follow-up real quick.  I'm going to try and come at this in a slightly different way.  I -- I -- what I'm trying to get at is, and this is really an A&S question probably but -- but how directive do you think the department is going to need to be to make sure that these software factories actually have customers?  I mean, scaling them up is one thing, making sure that they are actually used is another.  Right?

MS. METZ:  Yes, and I think that this is going to be a very unsatisfying response, but I think that this is going to have to happen over time.  Right?  So we're in the throws of making sure that, I think we have 29 software factories now.  The question will become, you know, how many will the department need?  And I don't know if we have a -- a crystal ball to say that.  I think the advocacy of the generation that's been taking place over the past few years in terms of the need for doing DevSecOps and using the software factories as a catalyst to be able to do that.  Its -- its creating a lot of excitement.  So now we're going to have to be able to harness that, and that's going to be the next wave in terms of going after, you know what you're saying.  I think the department shies from doing mandates, what we really want to be able to do is ensure that -- that we set the conditions so that people could be successful.  And if we haven't set the conditions, there's really no need to mandate because you're not -- you're not providing anything that anyone's going to use.  And so, that's the sweet spot I think we need to work towards and this memo allows us to at least be officially recognized that this is where the department wants to go.  Here are the key players in terms of making that happen, and then we're just going to let the governance work the governance, continue to have that partnership across the board with the leadership at the A&S, R&E and -- and DOD CIO.  Thanks Jared.

STAFF:  Thank you Jared.  Let's move next to Lauren Williams with FCW.

Q:  Hi, thanks for doing this.  I want to ask a question about the software acquisition pathway, because it -- it seems to just, kind of, only be -- be mentioned in the memo once and then in the strategy once and so I'm interested in whether this is a directive to get people to actually use the -- the -- the acquisition pathway.  Like, what are you guys seeing in terms of its uses since its been around for, like, a year and a half now?  That was like three questions.

MR. WEISS:  Yes.  I can -- I can start that one off.  So, the latest number that we have is that there are 35 programs that are actively using the software acquisition pathway, and as you pointed out, its -- its only been around for about 18 months.  So that's a -- a pretty strong adoption rate.  Through our close partnerships with A&S and R&E, we are looking at other ways that we can identify and motivate programs that do have software intensive programs which by definition through that pathway -- pathway could even be just risk.  It -- it may not even be cost.  Right?  But risk alone may make that a viable option for the framework, and so I believe that you're going to see much more interest going forward and even further adoption.  And by leveraging and reusing some of the capabilities in these existing software factories, there's going to be a -- a cost savings that could potentially be realized by these programs.  So, I think the best is yet to come for the 5000.87 Software Acquisition Pathway.  Ms. Metz, anything to add?

MS. METZ:  No, I think you answered it very well.  Thank you Jason.

STAFF:  Lauren, are you good there?

Q:  Yes, I'm good.  Thanks.

STAFF:  Sounds good. Let's move next onto Jackson Barnett with FedScoop.

Q:  Thanks Russ.  My question is, kind of, about the current software factories that you have.  What happens to -- to them?  When -- when you say there's, kind of, you had to make exceptions for, kind of, their -- their, kind of, flourishing developments like, are they going to have to change anything?  Like, are they going to have to now say go to the DOD CISO to, kind of, get that news -- that continuous ATO, kind of, sign off?  Do you anticipate any changes that the current software factories have to make to, kind of, meet the vision of the strategy?

MR. WEISS:  So from my perspective, I -- I see us as reinforcing and providing more momentum and encouragement for these software factories, as opposed to them having to change the way that they are executing today.  At the end of the day, the real focus is their continuous integration and continuous deployment capabilities and -- and the CATO or the Continuous Authorization to Operate that you're referring to, is about codifying a standard approach for that term for the Department of Defense.  What we've had in the past was different program elements, different services, using that term in different ways and its created some confusion.  So, in order to figure out what that standardized look of a CATO is and what level of cybersecurity we expect across the three ingredients within that memo, we are going to be working closely with the software factories to tease out those best practices.  So I don't see it as an impediment, I see that as an opportunity for finding exactly where that baseline needs to be, and then amplifying that further.  Does that -- does that address your question?

Q:  Yes.  As I -- I guess it does sound like there may be some adjustments to some of the software factories approach to this, if different software factories, as you said, have maybe have different language, different understanding of the baseline of what a CATO meant.  Am I hearing you right in saying that there may need to be changes to how some of those software factories are -- are approaching that?

MR. WEISS:  So I think one of the nuances lies in the difference between providing a platform that applications are built upon, and actually being just a vanilla software factory if you will.  So I'll use an example from like Platform One.  At the end of the day, Platform One isn't executing a very specific mission, compared to something like say Kessel Run with what they do with their combat command.  Platform One is a platform as a service effectively, and so that CATO initially is really going to target the platform providers that are out there where other application teams are building on top of that.  So, in our initial survey of the 29 software factories that are out there, I can tell you we don't have 29 of them operating under a CATO today regardless of what terminology is being used, and so, that's really our starting point.  It's the beginning of the journey.  We're not at that destination yet, but we have to start this journey in figuring out how to bring some degree of precision of language across the authorizing official community as to what this means.

STAFF:  Okay.  Next question, last question it looks like.  Let's go to Jaspreet Gill.

Q:  Hey.  Thank you for doing this.  So my question's also about the software factories, big shocker.  Obviously each service has its own software factory.  There's 29 software factories, but how do you realistically, like, envision scaling those into one department wide ecosystem?  Like, what are the processes?  What does that look like?  What does the end goal look like with that?  And then I have a follow-up unrelated to software factories.

MR. WEISS:  Sure.  So, I -- I think the first thing is we have to recognize the need for enterprise services, and this is an area that the department historically has -- has not invested heavily in terms of identifying how they're funded, how they're guaranteed to exist from budget year to budget year, et cetera, et cetera.  When we look at a lot of the core capabilities across these software factories, let's just start with code -- source code management.  Do we need every single software factory to go out there and procure and manage and operate their own source code repository?  I think those are examples of where we can actually start to see economies of scale in terms of both operational capacity and cost productions for the department across these software factories take hold.  If we can achieve that, then that allows the software factory ecosystem to continue to grow, but to operate with higher degrees of -- of scale and precision without having to start from scratch every point -- at every point.

Q:  Thanks, and if I could just ask the follow-up.  How does the strategy relate to the data fabric work, the joint staff is leading and the services are working on as part of JADC2?

MR. WEISS:  Great question.  I'm so thrilled that that got asked.  So, our position has always been that digital data comes from software.  And where does software come from?  A software factory at the DOD.  And so we see this ecosystem where the software factory releases an artifact into a continuous delivery pipeline, out into production.  That produces data that's labeled, its trusted, its accessible.  That data gets fed into the JAIC and AI models can then be researched and created, but the creation of the A -- AI model is not the end game.  We need to put that AI model back into an operational state, and that's where the software factories with that CI/CD pipeline become critical forming that closed loop.  So these three initiatives are all incredibly tightly woven together such that you need the software factories to both create the data that can be trusted, labeled, et cetera as well as ingest the AI models that are coming out of the -- the research that we're doing there.  And all of those initiatives are absolutely critical to the advancement of the Joint All-Domain Command and Control initiative.

Q:  Thanks.

STAFF:  Thank Jaspreet.  So there's only a couple minutes left.  Let me turn it back over to Ms. Metz and Mr. Weiss for closing comments.

MS. METZ:  Yes, thanks Russ.  Just again, really appreciate each of you taking the time for to have this conversation with Jason and myself.  We've been at this for -- well Jason's been at if for a year.  I've been at it for a little bit more, but just really thrilled about where we are and where we can go.  And I think that you're going to see a lot more in terms of the partnership, the collaboration with all the different DOD components to ensure that we are advancing in -- in service of the warfighter.  And we all know that the warfighters need to have critical capability at the speed of relevance, and we have to change how we go about doing that and I think the Software Modernization Strategy puts us on trajectory to be able to do that, and just to have a strategy's not enough.  Now we need to -- now we need to bring -- bring it to life and that is what in 180 days we'll have the implementation plan.  The good news is that we've had this community of practice for almost two years, working together and now we're marrying up that organic groundswell of people who want to do good with the strategic vision of the department and now there's no stopping us.  So really looking forward to -- to the next chapter of -- of advancing this, and Jason over to you for any last remarks.

MR. WEISS:  Thank you ma'am.  I'd also like to echo thank you for everybody's time coming out to talk to us.  This is an area our director is extremely passionate about, we've very excited about where the department is headed.  I'll leave you by pointing out that the unifying principles to me are quite important in this strategy.  The idea that we have to be smart in terms of our adoption of cloud and we cannot leave anybody behind in this journey.  So this is far more than just a software, coding problem that we're trying to solve with this strategy, and I think this document does a -- a great service to the warfighter to help advance the cost to bring them the software and the technology that they need.  So with that, I'll say thank you.