Original Broadcast 3/30/25
The Department of Defense is undergoing a seismic shift in how it acquires and delivers software. A new mandate from the Secretary of Defense directs all DoD components to use the Software Acquisition Pathway as the default method for developing and procuring software—formalizing a long-building movement toward Agile, iterative delivery through cloud infrastructure.
In a recent episode of Fed Gov Today with Francis Rose, Paul Puckett, Chief Technology Officer at Clarity Innovations and former Director of the Enterprise Cloud Management Office at the U.S. Army, and Keith Jones, President & CEO of Edgewater Group and former Chief Information Officer at the State Department, joined Francis to discuss what this means for the Department and for the broader federal IT landscape.
At the heart of the discussion is the tight connection between Agile software practices and cloud computing. “Cloud is quite frankly the pathway when it comes to available infrastructure to prove value when it comes to fielding software,” Puckett said. Historically, government agencies relied on large-scale hardware procurement processes that often took months or years before software could even begin to be tested. Cloud platforms have eliminated those delays by providing on-demand infrastructure, enabling rapid prototyping and continuous delivery.
Puckett emphasized that the DoD’s shift isn’t a reinvention of software development—it’s an adoption of existing best practices that industry has long embraced. The Software Acquisition Pathway has been around since the FY18 National Defense Authorization Act and has been codified in law since 2020, but, as Puckett noted, the challenge has been “understanding how to leverage it.”
That challenge often boils down to culture and process. Too many agencies, Puckett observed, are still operating with a “waterfall mindset”—where requirements are fully defined upfront, and delivery is expected to hit all targets in a long, linear development cycle. “It’s a world of prophecy,” he said, “and you hope that you built the right thing.” By contrast, Agile and DevSecOps methodologies prioritize flexibility, frequent user feedback, and incremental releases.
Keith Jones, drawing on his experience as State Department CIO and earlier at the Department of Homeland Security, agreed. “Cloud adoption and iterative design are not new on the civilian side,” he said. “We’ve been doing two-week sprints, getting mission and contracting folks in the room, and aligning everyone on Agile and DevSecOps.” He stressed that successful Agile environments require education and collaboration across IT, contracting, and mission leadership—a point that’s become more important as technology and mission operations become increasingly interdependent.
One of the enablers of this transformation has been the rise of software factories across the services. Initially misunderstood as in-house development shops, these factories are more than just coding centers—they’re hubs of innovation and experimentation where acquisition professionals, developers, product managers, and cybersecurity experts work together to prototype, test, and deploy solutions in a collaborative environment.
Puckett made clear that these factories were never intended to compete with commercial vendors. “The whole purpose was for the government to understand what good software looks like,” he said. That understanding is essential not just for internal development, but for better decision-making when procuring commercial products, managing vendors, and integrating disparate systems.
Security is a key part of this conversation as well. “Let’s not forget the cybersecurity piece,” Jones said. “We have to make sure security is built in from the beginning.” Embedding security into each stage of software development ensures that agencies don’t reach the end of a build cycle only to find themselves stuck waiting for an authority to operate (ATO). Continuous ATO processes, like those used in many software factories, enable more dynamic risk management and faster fielding of capabilities.
Still, both Puckett and Jones acknowledge that change is hard. “One of my favorite documents is the Defense Innovation Board’s ‘Detecting Agile BS,’” Puckett said, referencing a checklist that calls out whether all parts of a project—including cybersecurity, interoperability testing, and user feedback—are truly Agile. If not, he warned, then agencies may just be giving Agile lip service.
One strategy for breaking through resistance? Put skeptics at the center of Agile teams. “Take the person who’s your biggest hurdle,” Jones suggested, “and give them responsibility to make things happen in an Agile environment.” More often than not, he said, they adapt and become champions of the approach.
Looking ahead, Jones offered advice for CIOs preparing for increased scrutiny of their programs: “Start with your own internal scrub. Understand what’s being delivered, what it’s costing, and where the inefficiencies are.” He recommended zero-based budgeting approaches to identify savings and realign resources—an exercise that becomes increasingly important as Agile teams move quickly and funding must follow performance.
As Agile and cloud continue to take hold, both leaders emphasized that the goal isn’t speed for speed’s sake—it’s better outcomes, faster. “This isn’t about building everything ourselves,” Puckett concluded. “It’s about being smart stewards of taxpayer dollars, knowing what good software looks like, and making sure we’re pulling in the right capabilities at the right time.”
With a new directive from the top of the Pentagon and a growing base of expertise in both industry and government, the foundation is now set for a more responsive, efficient, and mission-aligned approach to software in the federal government.