Understanding DevSecOps KPIs – Part 3: Measuring Culture
In this three-part series, we’re looking at the Key Performance Indicators that should be used when measuring the success of a DevSecOps project. In part 2, we looked at key security metrics that you should be measuring.
In this blog post, we’ll explore what might be the most important measure of progress: culture.
Possibly the most important measure of progress that we at Oteemo are able to make is a measure of culture. Again, DevSecOps is something that you do, not something you can buy. It is at its root, a massive cultural change.
The big question becomes how can one measure something as abstract as culture. Our answer, though it may not be perfect for every organization, is something that works well if used with discipline and good intent.
Culture is a vital measurement to determine your team’s buy-in, trajectory, and more. By properly measuring culture, you’ll find gaps between leadership and execution, and discover ways to deepen your organization’s buy-in.
We built an assessment tool based on 10 basic questions that measure a team’s understanding of DevSecOps goals, whether they have the right tools and support, and how teams feel about collaboration that exists within the organization.
The weighted average of the team’s responses is taken and plotted as a graph that shows the collective sentiment of the team for every question. Leaders and managers can then take appropriate steps to mitigate issues and improve.
Culture is a KPI
It’s vital to understand the importance of culture as a KPI. Organizations are made of people, and people will determine the success or failure of an organization.
By making culture a KPI you’re ranking people as a key part of your organization, understanding the importance of quality team members, managers, and leaders, and how they all work together to make safe and secure products.
Combined with DevSecOps KPIs, a culture measurement gives you a comprehensive and actionable view of your people and product. With this information, you’ll be able to map a path and trajectory toward organizational success.
The DevSecOps Journey Ahead
Without a destination, there can be no journey. Make sure you clearly establish with your teams what you hope to achieve with DevSecOps. You can then track your success by defining the right metrics and how you intend to see those metrics change over time.
Most importantly, closely monitor progress towards that goal along the way and always adjust course to stay on track! Subsequent measurements are just as important as the initial measurement.
Questions about your DevSecOps? Looking for guidance as you prepare your next project? Reach out to us at [email protected]
Learn more: Revisit Parts 1 & 2
The Most Important Measurement in DevSecOps: Culture is part 3 in a three-part series. To gain an understanding of the Measure What Matters series, learn about traditional DevOps metrics, and how to add security metrics, and revisit parts 1 & 2.