
The Software Factory
08/22/22 • 37 min
S2E8 - The Software Factory with Chris Hughes
Episode Summary
On this episode, CISO and Co-Founder of Aquia, Chris Hughes, joins Matt to talk about building security in the cloud using automation and compliance. Chris’s career spans over 20 years in the IT/Cybersecurity industry, as well as in active service in the US Military.
Chris talks about licensing and certifications, Cloud innovation, and achieving continuous ATO. How are software factories created and operationalized? Hear about the people side of the business, effectively building a community, and get Chris’s formula for personal growth.
Timestamp Segments
· [01:19] Chris’s 28 licenses and certifications.
· [02:44] The value of certifications.
· [05:08] Chris’s Air Force experience.
· [06:25] About Aquia.
· [07:46] DoD vs the federal civilian space.
· [09:01] BatCave.
· [10:04] Federal DoD compliance.
· [12:55] How do agencies achieve Continuous ATO in the cloud?
· [16:04] Software Factories.
· [21:07] How it’s gone wrong.
· [23:12] What it looks like to stand up a Software Factory.
· [25:24] What works on the people side?
· [28:42] What is an effective way to build a community?
· [32:30] Why Chris reads physical books.
· [35:07] Chris’s formula for personal growth.
Notable Quotes
· “The journey is going to be unique to the organization. It’s not going to be the same for everyone.”
· “Just be real.”
Relevant Links
Aquia: https://www.aquia.us
LinkedIn: https://www.linkedin.com/in/chris-h-97680442
GitHub: Federal DoD Software Factory Compliance
Previous Episode

Zero trust with no FUD
In today’s episode, the Creator of Zero Trust, John Kindervag, joins Matt on the show to discuss implementing Zero Trust in your organization. While at Forrester Research in 2010, John developed Zero Trust, promising adequate and effective protection of an organization’s most valuable assets.
Today, John talks about the driving force behind Zero Trust, the concept of the Protect Surface, and Kipling Method Policies. Why is trust a vulnerability? Hear about Zero Trust, Shadow IT, and get John’s recommended resources.
Timestamp Segments
· [02:20] About John.
· [05:29] How does John define Zero Trust?
· [07:45] Why is trust a vulnerability?
· [09:56] The Protect Surface.
· [12:32] Kipling Method Policies.
· [17:22] The roadmap to Zero Trust at scale.
· [22:56] It’s the inspection that matters.
· [28:26] Zero Trust in the Cloud.
· [31:33] Shadow IT.
· [38:54] Tracking specific metrics.
· [40:58] John’s resource recommendations.
Notable Quote
"We can never stop cyber attacks from happening, but we can stop them from being successful.”
Relevant Links
Recommended Reading:
The Zero Trust Learning Curve.
Antifragile, by Nassim Nicholas Taleb.
On Grand Strategy, by John Gaddis.
Winning in FastTime, by John Warden.
LinkedIn: https://www.linkedin.com/in/john-kindervag-40572b1
ISMG: https://ismg.io
Next Episode

Book Review: Startup Secure
Book Review: Startup Secure with Chris Castaldo
Episode Summary
On this episode, CISO at Crossbeam and Author of Startup Secure: Baking Cybersecurity into your Company from Founding to Exit, Chris Castaldo, joins Matt to talk about startups and security. Chris is an industry-wide recognized CISO, having over 20 years of experience in cybersecurity.
Today, Chris talks about his book, Startup Secure, his move to startups from the public sector, and the different startup development phases. What should startups focus on during the different development phases? Hear about security trust centers, the top startup security sins, and get Chris’s formula for personal growth.
Timestamp Segments
· [02:03] What prompted Chris to write Startup Secure?
· [04:57] What has changed during the writing process?
· [06:47] Critical decisions throughout Chris’s career.
· [11:17] Moving from public sector to startups.
· [15:39] Startup development phases.
· [20:16] When certifications don’t make sense.
· [26:09] Mistakes in communicating to customers.
· [30:16] Security trust centers.
· [32:45] Startup security sins.
· [35:38] Chris’s formula for personal growth.
· [39:06] Chris’s parting words.
Notable Quotes
· “You’re not the target. You’re just the jumping point to that target.”
· “I don’t need to review the security of a company we’re buying desks from.”
· “You just can’t expect everyone to be a cybersecurity expert.”
Relevant Links
Buy the Book: https://www.amazon.com/Start-Up-Secure-Cybersecurity-Company-Founding/dp/1119700736
LinkedIn: https://www.linkedin.com/in/chriscastaldo
Cloud Security Today - The Software Factory
Transcript
Narrator (00:02):
This is The Cloud Security Today Podcast where leaders learn how to get cloud security done. And now your host, Matt Chiodi.
Matt Chiodi (