#US Air Force#DevSecOps#Cloud One

Exclusive Interview: Nicolas Chaillan of US Air Force

Nicolas Chaillan, Chief Software Officer at the US Air Force and Co-Lead of the DoD's Enterprise DevSecOps Initiative on the successful launch of Cloud One

|Aug 10|magazine13 min read
Nicolas Chaillan
US Air Force

Chief Software Officer

The US Air Force needs little introduction. Operating with a mission statement of: ‘fly, fight and win… in air, space and cyberspace’, the organisation affirms that only the best is good enough. With serving the American people at the forefront of decision-making, the US Air Force has established three essential core values to which it adheres: ‘Integrity First, Service Before Self and Excellence in All We Do.’

Sitting down with Gigabit in the US capital of Washington DC, Nicolas M Chaillan, Chief Software Officer at the US Air Force and Co-Lead of the US Department of Defense (DoD) Enterprise DevSecOps Initiative, is responsible for overseeing the successful launch of Cloud One, supporting all business and weapon systems in the Air Force and the DoD Enterprise DevSecOps Initiative. Introduced by the Chief Software Officer and Gen. Schmidt in July 2019, a combination of both Microsoft and Amazon Web Services’ cloud platforms has allowed the Air Force to operate at heightened speeds, providing access to cloud capabilities to airmen within days to enable software development on the cloud or leveraging artificial intelligence (AI). “This is game changing for us,” affirms Chaillan. “The current process takes around six to eight months for someone to be granted access to a cloud to deploy software there.” With the initiative focusing on marrying automated software tools, baked-in cybersecurity, services and standards to the DoD program, it is set to enable fighters in the field to create, deploy and operate software applications in a secure and flexible way. “Having started nine years ago, DevOps has become the evolution of agile and is now able to use automation, both in testing and cybersecurity, to help bring software into production,” explains Chaillan. “By removing the impediments we have in order to build software faster and better, DevOps enables us to deploy software on the commercial side multiple times a day. For us in the DoD, cybersecurity is vital because of the continuous monitoring side of the house. That is why we call it DevSecOps. It’s important that we’re able to constantly see what's going on in production in real-time with a zero-trust model down to the container level, with behavior detection and centralized logging so we can obtain the data and get the telemetry back to development teams.”

With the task of implementing the DevOps, the Air Force has begun implementing software factories such as the Kessel Run Laboratory over the past few years. Through Kessel Run, Chaillan believes the Air Force has transformed the way it develops and delivers software capabilities. “Back in 2017, the Air Force was already very innovative and decided to develop Kessel Run while also building software and mission capabilities to use the Kessel Run factory,” he says. “The goal wasn’t just to build a factory for the sake of having a factory – it’s been to create mission software and bring tangible value to the warfighters.” 

Chaillan began work at an early age in his native France. At 15, he created and developed his first company. “I've been on the commercial side for a long time, I ended up selling 12 companies and building robust teams in cybersecurity and software innovation,” he explains. “I moved to the US around 10 years ago and, after selling my companies, I decided I wanted to make a difference and have a real impact. Building mobile applications and other cool technologies is fun, but it’s not the same impact as we have in the federal government.” Due to new technology such as Big Data, machine learning (ML) and AI becoming increasingly influential globally, businesses worldwide are adopting innovative, modern processes in order to remain current. The case also applies to the US Air Force, with Chaillan understanding the impact that technology has had on the way his organisation conducts operations. “I think the entire future of war is going to be something that’s driven by embracing these kinds of technologies, whether it's AI, ML, Big Data or cybersecurity offence and defense,” affirms Chaillan. “If you can't adapt while in production, then you're stuck in time and there’s nothing worse in software than that. It’s important to bring in new capabilities as well as adapting existing capabilities to make sure you can fix problems as they arise.”

Cybersecurity is perhaps the dominant factor at the forefront of Chaillan’s decision-making. With the importance of keeping highly-confidential information secure at all times being crucial to both the DoD and the Air Force, the government must remain proactive rather than reactive to counteract any potential threats. “Proactivity is the only way, particularly in terms of cybersecurity because you can’t afford to be reactive,” he says. “If you’re not being proactive, you’re not doing a good enough job. You have to combine what’s already stable enough to use versus something that’s new but just a little too early.” Striking a fine balance between the risk of embracing disruptive technology to accelerate current processes and sticking to previously successful approaches is challenging. However, Chaillan believes one of the biggest hurdles to overcome is continuously training staff with the latest trends. “You really have to understand the risk, because technology is accelerating at an incredible pace at the moment. In IT, you have the ability to completely change the way you're doing business; sometimes it’s going to last and sometimes it may not.”

In order to arrange and manage software containers, the Air Force has deployed Kubernetes, originally designed by Google and now maintained by the Cloud Native Computing Foundation (CNCF), as part of its DevSecOps platform. “As a government, it’s important that we don’t get locked into a particular cloud provider or platform,” says Chaillan. “When I started, I wanted to ensure that whatever we built was abstracted so we weren’t reliant on a single vendor or product. It was a key reason why we initially chose Kubernetes and decided to abstract our entire stack because, whatever application you use, you want to ensure you understand the costs and the impact of the lock-in with that specific application.”



Proactivity is the only way, particularly in terms of cybersecurity because you can’t afford to be reactive

Nicolas Chaillan | Chief Software Officer, US Air Force