Melodi
Disaster Cat
US Air Force chief software officer quits after launching Hellfire missile of a LinkedIn post at his former bosses
Too many inexperienced project managers and not enough DevSecOps
www.theregister.com
Too many inexperienced project managers and not enough DevSecOps
Gareth Corfield Fri 3 Sep 2021 // 18:14 UTC
27 comment bubble on white
The US Air Force's first ever chief software officer has quit the job after branding it "probably the most challenging and infuriating of my entire career" in a remarkably candid blog post.
Nicolas Chaillan's impressively blunt leaving note, which he posted to his LinkedIn profile, castigated USAF senior hierarchy for failing to prioritise basic IT issues, saying: "A lack of response and alignment is certainly a contributor to my accelerated exit."
Chaillan took on his chief software officer role in May 2019, having previously worked at the US Department of Defense rolling out DevSecOps practices to the American military. Before that he founded two companies.
In his missive, Chaillan also singled out a part of military culture that features in both the US and the UK: the practice of appointing mid-ranking generalist officers to run specialist projects.
"Please," he implored, "stop putting a Major or Lt Col (despite their devotion, exceptional attitude, and culture) in charge of ICAM, Zero Trust or Cloud for 1 to 4 million users when they have no previous experience in that field – we are setting up critical infrastructure to fail."
The former chief software officer continued:
We would not put a pilot in the cockpit without extensive flight training; why would we expect someone with no IT experience to be close to successful? They do not know what to execute on or what to prioritize which leads to endless risk reduction efforts and diluted focus. IT is a highly skilled and trained job; staff it as such.
In the British armed forces mid-ranking officers are posted, regardless of qualifications or professional experience, to manage equipment-purchasing projects for the Ministry of Defence. These postings are of fixed length and last for two years, meaning any project that takes more than two years has the potential to end up turning into a hugely expensive and unproductive mess. The origin of this policy was a 1980s corruption scandal where a civil servant overseeing a long-term MoD contract was caught accepting bribes; to prevent it happening again, senior personnel decided to implement the two-year-posting policy.
Chaillan went on to complain that while he had managed to roll out DevSecOps practices within his corner of US DoD, his ability to achieve larger scale projects was being hampered by institutional inertia.
"I told my leadership that I could have fixed Enterprise IT in 6 months if empowered," he wrote.
Among the USAF's sins-according-to-Chaillan? The service is still using "outdated water-agile-fall acquisition principles to procure services and talent", while he lamented the failure of the Joint All-Domain Command and Control (JADC2) to secure its required $20m funding in the USAF's FY22 budget.
He was also quite scathing about the USAF's adoption – or lack thereof – of DevSecOps, the trendy name for efforts to make developers include security-related decisions at the same time as product-related decisions when writing new software. It appears the service wasn't quite as open-minded as its overseers in the wider DoD.
"There is absolutely no valid reason not to use and mandate DevSecOps in 2021 for custom software," wrote Chaillan. "It is borderline criminal not to do so. It is effectively guaranteeing a tremendous waste of taxpayer money and creates massive cybersecurity threats but also prevents us from delivering capabilities at the pace of relevance, putting lives at risk, and potentially preventing capabilities to be made available when needed whenever world events demand, many times overnight."
Doubtless his full post will chime with anyone else in a senior post at a tech company who eventually becomes fed-up enough not only to quit but also to tell the wider world exactly why.
