VIDEO | Prevent Breach CTO: Software Is Ephemeral

VIDEO | Prevent Breach CTO: Software Is Ephemeral
Published on

(US and Canada) Nicolas Chaillan, Chief Technology Officer, Prevent Breach, speaks with Michael C. Fillios, Founder and CEO, IT Ally, about his experience of working in public versus private sectors, incorporating DevOps and DevSecOps, and the three-pillar approach to cyber-security.

Chaillan introduces himself as the youngest French entrepreneur who made a difference by applying his cyber innovation skills to national security. First, he joined the Department of Homeland Security as the special advisor for cyber and chief architect. Then Chaillan was appointed the first Chief Software Officer at the Department of Defense.

The transition from being the founder of a smaller start-up to the bureaucratic universe of DOD was mind-boggling, he says. As an entrepreneur, he had the power to control and get things done. But with a massive team of 4 million people with annual funding of 810 billion in the Department of Defense, it felt staggering, says Chaillan.

Next, he mentions that some silos and barriers came in the way of executing the job at DOD, but the sense of honor from serving the nation remains unmatched. Chaillan reckons that one can become a part of the problem by not realizing when to go back to the commercial side.

Chaillan considers DevOps a massive enabler that saved them 100 years' worth of time when they moved 27 heavy-duty programs into it. Then, he highlights the importance of incorporating the innovative tools of DevOps and DevSecOps at a government agency. The methodology removes the silos and barriers between the development and operation teams while delivering incremental software multiple times a day, affirms Chaillan.

With DevOps, the organization will know where to focus and witness a rapid return on investment, Chaillan continues. He emphasizes failing fast but not failing twice for the same reason.

Moving on to DevSecOps, he maintains that it is an evolution of DevOps, which weaves security into every stage of software development. Chaillan analogizes DevSecOps as a weapon to orchestrate the entire stack of software that is running while augmenting the cyber capabilities of an organization.

In this context, Chaillan highlights three pillars of cyber-security. The first is moving target defense, wherein the software is transient and must be brought to an immutable state every four hours. He asserts doing numerous things like that to mitigate the ability of the malicious actor to access the software stack.

The second pillar of modern cyber defense is zero trust, where access is denied based on well-defined policies. It prevents the threat actors from accessing a part of the system and prohibits their lateral movement to access crown jewels.

Finally, Chaillan explains the third pillar, in which continuous monitoring of system behavior through AI and ML happens. Here the system is monitored, and if it misbehaves, they remove the misbehaving capability to ensure the system returns to its desired state.

Related Stories

No stories found.
CDO Magazine
www.cdomagazine.tech