The Challenge: Complexity and Legacy Debt
- Fragmentation: Growth via acquisition resulted in a “large footprint” of legacy technologies and inconsistent tooling processes and workflows across teams.
- Tool Sprawl: The division was previously utilizing four different vendors for code security, leading to complexity in renewals, management, and vulnerability interpretation.
- Initial Skepticism: Early feedback on AI Copilots was critical, with engineers deeming the models “middle school” level maturity.
The Solution: Consolidated AI-First Ecosystem
Cisco partnered with Opsera to increase velocity by consolidating its development tools portfolio, standardizing workflows and capabilities across teams and projects.
- Tool Consolidation: Rationalized four security vendors down to a single solution: GitHub Advanced Security (GHAS).
- Unified Visibility (Opsera): Deployed Opsera Unified Insights to serve as a “single pane of glass”. This allowed leadership to measure the initiative’s progress, adoption and ROI across a global, complex hierarchy, filtering by region, role, or vendor.
- AI Integration: Aggressive adoption of GitHub Copilot to drive developer velocity, supported by Opsera’s Hummingbird AI for natural language insights on risk and productivity.
Key Performance Indicators (KPIs) & Operational Impact
Initial results reveal a clear shift away from a fragmented, reactive security posture to a unified, high-velocity, AI-driven development environment. Highlights include:
| Metric | Before | After | Comments |
|---|---|---|---|
| Defect Remediation Time | Triaged in future backlogs | <8 hours, in same sprint | Critical bugs and vulnerabilities now addressed in real time. |
| Time to Pull Request | — | 3x faster | Less time/effort to create code |
| Cycle Time to Merge | — | 62% faster | Changes merged much faster |
| Security Vendors | 4 | 1 | Lower administrative overhead |
| GHAS Adoption | n/a | 75% and growing | Scaling up AI impact, ROI |
Operational Metrics
Adoption
- Currently at 75% adoption of the new security suite, with the remaining 25% scheduled for near-term migration.
Velocity & Efficiency
- Opsera metrics highlighted preliminary improvements of 3x faster Time to PR and 62% faster Cycle Time.
- Opsera also highlights a more modest 7% improvement in Lead Time to deployment, identifying a bottleneck to address in the next phase of Cisco’s migration.
Security & Quality
- Critical issues and vulnerabilities are now fixed during the sprint (often under 8 hours) rather than being added to a backlog to be triaged and addressed in a future sprint.
- Pre-commit hooks now automatically block secrets such as Azure tokens from entering the codebase.
Cultural & Strategic Impact
- From “Tax” to “Tool”: Initially viewed as an additional “tax” or burden, security tools became a driver of efficiency. Developers transitioned from passive users to “security champions”.
- Contextualized Insights: Leadership uses data not to penalize, but to understand bottlenecks (e.g., language shifts from Go to Python affecting metrics), ensuring a supportive rather than punitive culture.
Takeaways
Cisco’s journey validates that large-scale enterprises can successfully pivot to “AI First” development cultures.
- The success factor was not just the AI tools (GitHub), but the orchestration layer (Opsera) that provided the “missing link” of actionable, role-based insights. This combination allowed Cisco to prove ROI, manage change management at scale, and turn potential “alert fatigue” into measurable improvements in development velocity.
- The “Early Adopter” Strategy: Management identified internal champions willing to pilot the technology despite early friction. Their success stories and the simplified developer experience (DX) created a “ripple effect” facilitating mass adoption.
