In this week’s episode of The Future of Security Operations podcast, I'm joined by Nicolas Chaillan. Nicolas is a security leader who has held several high-profile roles in US federal agencies including Chief Software Officer for the US Air Force and Space Force, Special Advisor for Cloud Security and DevSecOps at the Department of Defense (DOD), and Special Advisor for Cybersecurity and Chief Architect for Cyber.gov at the Department of Homeland Security. He is also the founder of no less than 13 companies, including Ask Sage, a GPT-powered platform that brings Generative AI capabilities to government teams.
Nicolas and I discuss:
Building the US government's first zero trust implementation
Putting Kubernetes on jets and space systems
The challenges of bringing new technologies to the federal government
How the threat landscape will continue to evolve for US federal agencies
The biggest mistakes entrepreneurs make
How cross-team collaboration helped him create meaningful change at the Department of Defense (DOD)
The inspiration behind his AI-powered platform, Ask Sage
The future of AI in security
The Future of Security Operations is brought to you by Tines, the smart, secure workflow builder that powers some of the world’s most important workflows.
Where to find Nicolas Chaillan:
Where to find Thomas Kinsella:
Resources mentioned:
Making An Impact: Nicolas Chaillan, CEO Magazine
In this episode:
[02:20] Becoming a self-taught coder at 7 and founding his first company at 15
[05:02] Shipping 187+ technology products as a founder, in verticals as varied as healthcare, retail and banking
[07:08] The biggest mistakes entrepreneurs make
[08:40] His latest product, generative AI platform Ask Sage
[11:30] The challenges of bringing a new product to the US government
[13:45] Building the first zero trust implementation in the government as Special Advisor for Cybersecurity at the Department of Homeland Security
[15:20] Advocating for new technologies at federal agencies
[19:40] Deploying Kubernetes on 50-year-old hardware on the F16 jet
[22:02] Dealing with pushback and internal resistance to change
[24:50] Recruiting colleagues help to establish force-wide DevSecOps at the DOD
[29:00] Becoming Federal Chief Technology Officer at Qualys
[30:30] Reflecting on the changes he implemented while working for the US government
[33:12] Deciding which companies to work with as an advisory board member
[36:40] How the threat landscape will continue to evolve for US federal agencies
[40:50] TikTok as a channel for misinformation and national security weapon
[44:18] Nicolas' predictions for the future of security
[47: 10] Connect with Nicolas
TL:DL? Read Nicolas's take on…
Entrepreneurship:
"A big mistake is thinking that every everyone should be an entrepreneur. It's not for everybody. The biggest mistake I see people make is trying to to do it, despite not having what it takes to do it. It's a very painful, lonely universe to be an entrepreneur, and it's okay to be number two and number three. In fact, they usually make more money than number one!"
The key to success as an entrepreneur:
"One of the biggest mistakes I see is building things in vacuums and raising money without a clear understanding of profits. It drives me insane to see, particularly here in the US, all the VCs raising money endlessly and companies never making profits. If you don't have a clear path to profit, you're not building a company."
Selling AI-powered platforms to federal agencies:
"It's not easy. There's a lot of you know bottom-up demand... and then a little bit of push back from the the top down, from some of the leaders, mostly because of lack of understanding of what generative AI is. Some of them started to wake up and and accelerate the adoption but it's still pretty painful, I'm not going to lie. And it's easier for me, obviously, because I know exactly what's required to be able to run on government systems, because I was the Chief Software Officer."
When I started talking about containers back in the Department of Defense (DOD) - to IT teams, not just random people! - they thought I was talking about shipping containers to Afghanistan, not software containers. So there was a big gap of understanding of the basics of, you know, commands, containers, all that stuff.
Essentials for selling software to security teams in the US government:
"One of the key aspects is making sure you're able to be deployed air-gapped, you can run anywhere, so we deploy on Kubernetes, containerize, we're not bringing SAAS services, it's all stuff that can be deployed without internet."
The challenge of changing course in government agencies:
"The government usually is very vague and and very bloated. I was trying to bring architecture that people can actually deploy with a list of tools and inexpensive ways to get it done, removing the barrier to entry, and streamlining the process. I think we did a pretty good job with the architecture. We were able to show exactly what could be done, and moving to zero trust was saving the teams a lot of money, by having more inexpensive ways to get things done, and bridging the gap between cloud and on-premise."
Putting Kubernetes in space:
"The first thing we did was deploy Kubernetes on the F-16 jet - 50-year-old hardware running Python, on something that used to run C and Assembly. That was a big win in 45 days. And then we moved to B-21s and F-35s and F-22s and ships and really, the sky was a limit. And then we did space with the first deployment of Kubernetes in space with SpaceX. We we did a lot of pretty cool stuff."
We had to to bring everybody to 2020, when they were stuck in the 1960s. But once you take the time and you bring people with you, then you have momentum. We created the biggest coalition of the willing. Then everybody started to get it.
Cross-team collaboration:
"One thing I had going for me was that I didn't care about rank. While I was a three-star general equivalent, I didn't care about rank, and so I would work with unlisted and lower ranks to get stuff done, and I would look at expertise over rank, empowering people to get stuff done. And so we started to merge so many different engagements that used to be done in vacuums across the DOD. We had dozens of teams building DevSecOps stacks for their own use."
TikTok:
"It's way more than a channel for misinformation, it's a national security weapon. People don't realize what kind of data they extricate from their phones... Of course, it can be used for misinformation, but it can be used to really understand the population and how to manipulate them... It sounds like movie stuff. But but it's actually already happening in big Fortune 500 companies."
The future of security:
"I think it's going to completely shift from mostly humans to mostly AI. And I think it's going to be scary. It's going to be a velocity that's unattainable for humans to keep up with. You have malicious actors now using AI to create zero days and malware, the velocity of new vulnerabilities is going to go crazy, to a point where you cannot keep up with humans, and you have no choice but to use AI to fight back. And we're going to always play this catching up game and the malicious actors are always going to be leading."
Listen to more episodes of the Future of Security Operations podcast.