DevSecOps Drives Change at the Air Force An interview with Nicolas Chaillan, Air Force, Chief Software Officer and Head of Platform One Nicolas Chaillan is the head of the highest-visibility DevSecOps initiative in all of DoD, and one of its foremost champions. “It’s the only way to build software in 2020. Doing it without DevSecOps is, to me, borderline criminal,” Chaillan said. He has led Platform One — the internally developed, centralized DevSecOps program that coordinates 15 software factories nationwide, with each providing DevSecOps services to one or more programs, weapons systems and/or commands — since its inception. In addition, the Office of the DoD CIO earlier this year formally designated Platform One as an Enterprise Service Provider for DevSecOps for the military. Chaillan said the biggest advantage to DevSecOps over other development methods is that it bakes security in — it cannot be bypassed, ignored or treated as an afterthought — and that means the software and capabilities are secure and can’t be stolen by other nation-states. “We learn the normal behavior of the system. If you see the system doing things it’s never done before, [the built-in security measures] will kill the bad action going on,” he said. “Having that trust, detecting malicious behavior and a zero-trust implementation — we never had [that] before.”
12
A GovLoop + Carahsoft Guide
