Hi, KubeCon, and thanks for joining us today to talk about the DoD Enterprise DevSecOps Initiative with Platform One. Pretty excited to be back and share with you some of our two-year journey to Kubernetes and Istio. Let's get started. So as you can see, the DoD Enterprise DevSecOps Initiative is a joint team across the Department of Defense. The goal is to bring enterprise services with Cloud One and Platform One. Cloud One is our cloud office to connect to both Amazon and Azure and be cloud agnostic. And Platform One is the DevSecOps team that's focused on bringing Kubernetes and the service mesh and the hardened security that we need to bring a CI/CD pipeline, bringing that timeliness and modularity component to enable reuse across the Department. We're mandating and using CNCF-compliant Kubernetes clusters and OCI-compliant containers as Lego blocks so we can be more efficient in the creation of systems and weapons. Effectively, we are bringing this as a DoD-wide DevSecOps managed service with all the collaboration tools, development tools, and cyber tools that we need to be able to produce software that's not only doing what it's supposed to be doing, but also with that baked-in security and zero trust. And some of the key tenets of what we do is GitOps. Everything is in Git. Obviously, everything is Kubernetes native. Zero trust is baked in with also that behavior, continuous monitoring, detection and prevention capability as well. We're not going to have the time to talk about zero trust, but we have a whole video on our website. We'll put the link at the end of the presentation for you to check it out. It's covering the north-south, east-west traffic, zero trust enforcement, device enforcement for our employees and contractors as well.
Now, we also created Iron Bank, which is the open-source container registry where we harden and secure 450 containers, both open-source and commercial tools so they can be consumed with hardened configurations and hardened operating systems. We use Universal Base Image 7 and 8 from Red Hat as well. Like I said, we created this sidecar container security stack that's doing that behavior detection and zero trust onto the container or the function level if people are using things like Knative on Kubernetes as well. And self-learning capabilities are foundational for the success of the department. So we have about 100,000 people we have to train every year. So we want to bring this state-of-the-art DevSecOps curriculum with unbiased content. We see a lot of companies pushing their one-size-fits-all content training. And we want to really make sure we have options. So we are partnering with the Cloud Native Computing Foundation, O'Reilly books, to bring a broad and diverse set of training content so we're not pushing for a single product or cloud. Everything we do is about metrics and acceptable thresholds in the CI/CD pipeline to break the build for safety reasons, for security reasons. And we created the concept of a continuous authority to operate, a continuous ATO that enables us to release software multiple times a day. Pretty exciting to see in the department as well. So in 2019, we talked about how we built these pretty cool simulators. And then we showed you that in 45 days, we put Kubernetes and Istio on F-16 jets. Pretty exciting to see. And then we created Platform One to become that central team that is helping all these DoD programs and science and technology partners, contractors, startups, and non-traditional ventures groups, and other agencies as well.
That turned into a broad software ecosystem all over the United States, with teams focused on different missions from space to nuclear systems to jets to bombers to business systems to cyber-law offense and defense. And we ended up creating a bunch of services, some open source to the world, so you can go and check it out. We have the full detail on the software.af.mil website. But you can see that Repo One, for example, is our source code, Repo One. That's where we put all the container source code and infrastructure as code, all the Kubernetes distributions that we hardened. And so you can go and check out all that open source code on repo1.dso.mil. And then we have, like I talked about, Iron Bank and Registry One, which is our container registry, where we have 450-plus containers available. Centrally, we built, signed, and scanned with three scanners. And we provide the body of evidence of all the CVEs and all the mitigation done. You can see Iron Bank on ironbank.dso.mil. And Registry One is registry1.dso.mil. Those are three services that we provide for the department, but also we open-sourced all of that as well. We also hardened multiple CNCF-compliant Kubernetes distributions. We partnered with multiple companies that do business with the department, including Rancher, Konvoy, VMware TKG, AWS EKS, Azure AKS, and of course, Red Hat OpenShift as well. So you can check out the Kubernetes matrix. We created this comparison matrix to compare Kubernetes distributions in terms of features and capabilities, looking at a lot of details. So I think it's very interesting, even for commercial customers, to take a look at that matrix to see how to pick a Kubernetes distribution based on your needs. So a lot of great information there as well. Now, we created two main services, Party Bus and Big Bang. Party Bus is our multi-tenant DevSecOps service that we run as a service and our development teams in DoD can go and use it.
It's a development, test, staging and production environment at different classification levels. And then we have the Big Bang. And the Big Bang is also completely open source. So check it out. If you Google Platform One Big Bang, you're gonna see on Repo One the entire code base of Big Bang, that's our Platform One on-demand push-button deployment. So you can instantiate a dedicated enclave on-demand just by deploying Big Bang using complete automation. Again, we're following GitOps. So you can take that code from Repo One and all the infrastructure as code and configuration as code. And then you can even contribute back to us. We have all the foundational blocks of Big Bang, but you can also create add-ins. So if you have a great capability, you can get your, as a commercial company, you can get your container approved on Iron Bank. There's an onboarding guide for containers. So if you have a container you wanna get approved for DoD use, all the way to the highest classification level, we streamlined that process to two to four weeks now. So it's very easy to do business with the Department of Defense. You can go on Iron Bank, get your container accredited, and then you can even create an add-in on Big Bang to have a full GitOps instantiation, whether it's a Helm chart or Kustomize or operator to instantiate whatever product that you're building on top of Big Bang. For example, it could be a Kubeflow instantiation, it could be a Knative instantiation. You can pick your product of choice and create add-ins on top of Big Bang to instantiate that anywhere. We run on jets, bombers, on-premises, at the edge, on different hardware, from legacy 20-year-old hardware to cloud-native capabilities, all the way to air-gapped clouds as well. So check out Big Bang, it's completely open source, and we'd love to get your feedback on what we've done.
Now, we obviously invest a lot of time and money in training, and like I said, we have 100,000 people to train, so we created this portal, we've created content, partnered with the Linux Foundation, CNCF, and O'Reilly books, but we also did workshops, right, so we can onboard companies that are trying to do business with the Department or have engagements with programs within the Department of Defense or apply for grants to do business with the Department of Defense. We have AFWERX, which is our grant mechanism, venture arm of the Air Force to partner with startups to do business with the Department of Defense, so please check it out. But we do a three-day workshop all the way to a two-month full onboarding that helps teams get started with DevSecOps that have never done DevSecOps before, for our DoD programs. Many are moving from waterfall all the way to DevSecOps, so we can embed Platform One people into their teams, and that really is what makes it more efficient to collaborate and have a successful, minimal viable product built within six weeks to two months. We created also a lot of different services with our cloud native DNS, so we use CoreDNS to move the .mil to the dso.mil; it's hosted on Kubernetes, using CoreDNS, completely managed as configuration as code, or policy as code, using Git merges, so that's exciting to see as well. All hosted on Platform One and Kubernetes. We also do all the identity management, single sign-on and PKI; we use Keycloak for single sign-on. It's all provided as a service by Platform One on Kubernetes, where we have multiple multi-factor authentication options; we can do both personal entity, so human authentication, and non-personal entity authentication using X.509 certificates. We use Vault to manage our PKI, and that brings us that cloud agnostic, native, elastic capability that can be hosted anywhere.
Again, everything we do is GitOps driven, so push-button instantiation of all these different products is very easy for us. And of course, we then use these capabilities to do code signing and container signing and NPE and PE authentication as well. Now, some of the great stories we announced this year and last year is that the Department of Defense, particularly the Air Force and Space Force, are now using Kubernetes and Istio for all new work, but also bringing it to existing platforms, including the U-2 jet, for example, that is multiple decades old, but yet we're able to not only push Kubernetes and Istio on the jet, but also fly it with over-the-air updates received while flying. We deployed Big Bang; like I said, the Big Bang open source code can be used anywhere, air-gapped, on clouds. In this case, we put it on the jet in 12 days and we flew the jet with Kubernetes and Istio with our hardened Big Bang deployment. We were able to receive the over-the-air updates and run AI and ML capabilities completely containerized on hardware that used to be running Ada and C code, now moving to Python and Go and other languages. So it's pretty exciting to see. And some of the great Platform One metrics: we have now about, I would say, 270 people in the team. The majority of the team is comprised of contractors, but we have also military and civilian personnel. We have, like I said, the Big Bang and the Party Bus. Big Bang can be instantiated anywhere, so we have hundreds of those now across the department, but also outside of the department, we see a lot of commercial organizations starting to take Big Bang and use it for their DevSecOps work. For example, Lockheed Martin just announced they're going to use Big Bang for all of Lockheed, not just the DoD work, for all DevSecOps teams. So that's going to be a big enabler to move fast. We have 454 containers on Iron Bank. And the Party Bus now has 3,200 developers on it with 2,500 microservices built.
And that's just within the last seven months, 41 applications in production, 219 teams on Party Bus. The CNAP is our cloud native access point; that's our zero trust ingress/egress to the cloud to enforce the device state and the user identity. And based on the component risk of the device and the user, we widely access resources. So we have a full video on the website for you to check out information about our zero trust model. So check it out. We have now also 20,000 active users on the cloud native access point. And in terms of our DORA metrics, we released after 21 times a day in production with under two days for lead time and under 15 minutes of time to restore and under 5% change failure rate, which is a good beginning but that's not good enough. We want to obviously continuously improve and do better but that's a great starting point for our government organization, no doubt. Now, a lot of people ask us, okay, but we want to learn more and check this out. Well, you want to go to the Chief Software Office website, software.af.mil, under DSOP documents. You're going to find all our videos and documents including the zero trust video I just talked about. Under the training section, you're going to see all the training videos we created, or some of them at least that we created. Check out the Platform One website. You're going to see all of the different platform products, how we architected the products and how we designed them. More importantly, on Repo One, you're going to see all the source code of everything we do, including the Big Bang code, all the container hardening code, all the pipelines that we have. And then of course you can even create an account to consume containers on Registry One. Just go on login.dso.mil, create an account, and then you can log in to Registry One and be able to see how we use Harbor for container registry.
So go on Harbor and check out the different containers we have and you can go to Repo One and see the Dockerfile. So you can see what kind of hardening we do for each container. Of course, if you see improvements that can be made, please push a merge request to Repo One so we can improve the containers and get better as a team. And of course we do events, we do a lot of live discussions where we take questions live from the audience every month. So if you have questions, you want to talk more, please check it out. And like I said, we have a whole video on zero trust; each of these products has deep dives on how to partner, how to be part of this. We are also announcing a contract vehicle that will enable companies to take some of that code and effectively create a commercial service around it. So if you want to help companies to harden containers on Iron Bank, if you want to deploy your SaaS capability in the Department of Defense, you can do that through that vehicle. If you want to maybe get some of your products containerized and hardened in Iron Bank so they can be deployed in DoD and then sell licenses for consumption to create more revenue for your company, you can do that. It's very easy to follow the container onboarding guide on Iron Bank to get your container approved for DoD use. It's not like it used to be 10 years ago. Like I said, we streamlined the whole process for startups to do business with the department so you can even get grants with no equity given. So please check all this stuff out. Check AFWERX, it's spelled A-F-W-E-R-X. You're gonna see all of the grants and how to apply to be part of that grant cycle, which is every quarter. So please come and share with us, give us feedback, see what we could improve. What can we do better in security? Like I said, we do a lot of behavior detection and content monitoring and we use Istio for our service mesh today. So we'd love to get your feedback on what we can improve.
If you have any questions, please shoot us an email at af.cso@us.af.mil. Looking forward to hearing from you guys, and stay safe and stay tuned for what's coming next. Thanks for your time.