5 minute read
Cloud, cyber security & leading in a threat environment without decelerating innovation
Wri en by: Heath Muchena
In this Q&A, Heath Muchena talks to Ihor Feoktistov, the CTO & co-founder of Relevant Software which operates across Europe & USA off ering services ranging from so[ - ware developments, cyber security, arঞfi cial intelligence & machine learning to DevOps. Feokঞ stov shares his wealth of experience from his so[ - ware engineering advisor background and explores issues around Cloud, cyber security, and how to lead agile teams. Excerpt:
Advertisement
What are your top 3 ongoing prioriঞ es as CTO in your organisaঞ on?
Today I can note the following prioriঞ es: • Building a competency control system to ensure the highest quality of our services. Technology and the market are changing, customers come with various requests so this task is ongoing. A skilled team is the core of our company, so it’s the fi rst priority. • Development of new and improvement of our exisঞ ng services. As the tech world is rapidly changing, we should too. Now we are increasing focus on cybersecurity as our services and as a way to secure our own assets. • Knowledge sharing within the company. To grow a strong team,
I’m working on creaঞ ng a knowledge sharing culture with internal lectures, mentorship, and upskill programs.
What are your top 3 ঞ ps for leading remote workforces?
• Create defined workflows. By that, I mean creaঞ ng clear project guidelines for KPIs, teamwork, and reporঞ ng, describing your tasks in detail, seম ng precise tasks, and giving detailed answers. • Communicaঞ on. Leverage faceto-face meeঞ ngs. Live face-toface meeঞ ngs play an essenঞ al role in building a solid rapport and personal connecঞ on with a team. • Avoid micromanagement. Communicate project goals and pain points instead of solutions to them — unless you are specifically asked, or you can see that the team is failing.
What is changing most profoundly in the threat environment and what is your top cyber security best pracঞ ce ঞ p?
I believe phishing and social engineering are the main threat, the recent case with Twi er proves it. To prevent that from happening to our company, we provided employees with security awareness training. We also created a guide on email security that we shared with a team and clients.
Our company provides software development services and we include security in the SDLC process. We recommend our clients to implement DevSecOps or hire cybersecurity consultants for part-ঞ me at least to perform threat modeling and penetraঞ on tesঞ ng to secure their applicaঞ ons early on. We also encourage companies to develop ISMS. This is one of the common pracঞ ces that helps minimize security risks.
Any thoughts on how cybersecurity soluঞ ons for businesses will evolve over ঞ me?
I think cybersecurity will become more automated, especially with the rise of AI. The system will be trained to automatically detect and block the a ack with big data and machine learning.
Is your business using Cloud?
Who is your preferred cloud provider? Why?
Our company mostly builds SaaS soluঞ ons, and, of course, we host them in the Cloud. I prefer AWS as it provides a wide variety of tools and fully covers our needs. Here is a list of the tools we mostly use: • AWS EC2 Elasঞ c Container Service and AWS Lambda Serverless
Compuঞ ng • Secure Storage (Amazon S3) and
Amazon Elasঞ Cache • Amazon RDB, Amazon Aurora, Amazon DynamoDB and dozens more • Amazon Service Discovery and
AWS App Mesh, AWS Elasঞ c Load
Balancing, Amazon API Gateway and AWS Route 53 for DNS • Amazon SQS for message queuing and SNS for publishing and noঞ - fi caঞ ons • AWS Cloudtrail for API monitoring and Amazon CloudWatch for infrastructure monitoring • Amazon Container Image Repository (Amazon ECR) and other
DevOps tools for enabling CI/CD workfl ows. • Amazon Cognito for user management.
What are the criঞ cal points that enterprises need to remember when they consider data storage?
They should at least consider threat analysis and risk assessment.
Where are you on your DevOps journey and how much of it is done in-house and how do you select technology partners for your projects?
We have excellent DevOps and DevSecOps experঞ se in-house, and we provide DevOps services to our clients while building so[ ware for them. Right now, we are focused on implementing security in all areas of our work, including DevOps (DevSecOps), and bringing more automaঞ on to CI/ CD pipelines. As for our clients, we always recommend building DevOps\ DevSecOps based on business needs and cost-benefit analysis. So, some small pilot projects and concepts can be developed and released without any DevOps specialist, and on another our projects can be fully automated with CI\CD and cybersecurity checks.
How do you measure a good
Agile team?
I measure the performance of Agile teams by well-known best pracঞ ces and KPIs: • Sprint burndown. It helps us meet our sprint esঞ maঞ ons and stay on top of it. • Velocity. This metric shows how quickly a team can complete tasks in the backlog, which helps make more precise forecasts. • Planned-to-Done Ratio. It’s another metric that trains predictability for be er sprints planning. • Escaped Defect Rate. With this
KPI, we track the quality of the
Agile team work. It shows how many bugs we produced during the development. You can close tasks quickly, but if you do it with bugs, it makes no sense. • Code Coverage. Another indicator of code quality, which is crucial for us. The code has to be fully covered with tests to minimize bugs on the producঞ on. How do you successfully determine effi ciency, reliability, or compaঞ bility with exisঞ ng systems of hardware and software and what are some eff ecঞ ve methods you use to monitor and analyse system performance? Regarding this, I strongly recommend check Site Reliability Engineering (SRE) topic and read books which Google recommends.
Author bio:
Heath Muchena is the Publisher of Tokenised Africa, a decision informing, discussion shaping, Africa crypto market data & analysis report. He is the founder of Proudly Associated which advises internaঞ onal tech companies developing technologies that have use cases focused on emerging economy development, parঞ cularly in Africa. He is also the brains behind Block Patrol – a technology adopঞ on and business development startup that pushes the value of innovaঞ on upstream to leverage new opportuniঞ es and foster growth. He is a startup investor and venture partner in several other enterprises. An author of 15 books, he is also a tech journalist.
