DoD's First Chief Software Officer Resigns in Frustration(secureworld.io)
secureworld.io
DoD's First Chief Software Officer Resigns in Frustration
https://www.secureworld.io/industry-news/chief-software-officer-resigns
43 comments
Like safety, security is a cost centre with catastrophic penalties for getting wrong. Absolutely any attempt to run it like we run other parts of an organization is a guaranteed way to create a disaster.
P.S. “Things so true they’re nearly physics” might be my favourite line this year.
P.S. “Things so true they’re nearly physics” might be my favourite line this year.
> Like safety, security is a cost centre with catastrophic penalties for getting wrong.
The main problem is that this cost center does generate any revenue. Try to explain this to a CFO.
The main problem is that this cost center does generate any revenue. Try to explain this to a CFO.
While I probably agree, why can't the Major just be the project manager and he or she consults daily with their trusted, deeply responsible technical advisor who is actually from the industry?
Former USAF officer here. Part of the problem is that a Major or Lt Col does not have the rank or budget necessary to pull off a project of that scale. They are still too low on the chain, and too easy to override and then scapegoat when the project fails. Moreover, the officer system is "up or out" meaning that a field grade officer will always be incentivized to prioritize short-term paper gains over long-term strategic gains. This is a bad thing when designing critical infrastructure. A more senior officer with longer tenure and a bigger budget (i.e., a General or SES) needs to run a project intended for millions of users in a defense context.
Appreciate the perspective, I didn't realize that there was much higher up to go :) Makes sense!
Seems ripe for exploitation.
What's stopping the PM-but-really-Major from invoking chain of command and making overriding decisions? In an org like the military I'm not sure you could just say "please act like a PM and don't make broader decisions" to someone with seniority and expect them to not exercise their authority, unless you actually revoke their authority.
Or, what's stopping the Major from installing a friendly and symbolic tech advisor? Stranger things have happened than bureaucrats hiring and building departments designed to do nothing but legitimize and push forward their own agenda.
What's stopping the PM-but-really-Major from invoking chain of command and making overriding decisions? In an org like the military I'm not sure you could just say "please act like a PM and don't make broader decisions" to someone with seniority and expect them to not exercise their authority, unless you actually revoke their authority.
Or, what's stopping the Major from installing a friendly and symbolic tech advisor? Stranger things have happened than bureaucrats hiring and building departments designed to do nothing but legitimize and push forward their own agenda.
Because the major is unqualified to evaluate the guidance they receive. Same reason we don't randomly pick our battlefield generals from a pool of chimney sweeps.
My favorite is Sakurada, the cybersecurity expert who's allegedly never touched a computer. Can't hit what you can't see!
https://www.bbc.com/news/technology-46222026
https://www.bbc.com/news/technology-46222026
If everyone followed his lead, cybercrime would cease to exist. He's leading by example
Ironically a cybersecurity expert would know nothing is secure and not have a computer
When our top lawmakers are bringing in tech CEOs to grill them on 'ending finsta' I think maybe we need a complete rethinking of how we address cybersecurity and tech in general.
Craggy Senator to HN: Tell us how you would end finsta?
HN: OMG LOL finsta's not a product GTFO
vs.
FAANG interviewer to HN Interviewee: Tell us how you would end finsta?
HN Interviewee: Preventing users from signing up with secondary, pseudonymous accounts is of course a difficult problem. However, by using the following three sets of simple and anonymized data, I believe we can not only easily automate correlation of these accounts for the vast majority of cases, but if you'll hand me the marker I'll give you the pseudocode which can be abstracted to restrict any subset of users based on any underlying...
HN: OMG LOL finsta's not a product GTFO
vs.
FAANG interviewer to HN Interviewee: Tell us how you would end finsta?
HN Interviewee: Preventing users from signing up with secondary, pseudonymous accounts is of course a difficult problem. However, by using the following three sets of simple and anonymized data, I believe we can not only easily automate correlation of these accounts for the vast majority of cases, but if you'll hand me the marker I'll give you the pseudocode which can be abstracted to restrict any subset of users based on any underlying...
Why not repost the original LinkedIn post? I don't see what value this piece aims to add
Surprised that the DoD cannot contractually gag a high-level departure from sharing internal dirty laundry like this, as an issue of national security, when your typical corp would without a doubt suppress this kind of public lamentation. Does not look good for the US on the world stage.
That’s crazy, he is a public employee of a government whose legitimacy is supposedly derived from the consent of the people. He absolutely should share with the public what he sees as the shortcomings of his office.
In principle that’s ideal and commendable, when all is well; this is unfortunately a detrimental symptom of a high-functioning democracy in a declining empire.
[deleted]
> Surprised that the DoD cannot contractually gag a high-level departure from sharing internal dirty laundry like this, as an issue of national security,
Why waste your time on a civil contract when you can classify something and put the departure in prison for a very long time for disclosing classified information?
Why waste your time on a civil contract when you can classify something and put the departure in prison for a very long time for disclosing classified information?
Yeah, every corp out there would have a non-disclosure/non-disparge clause before receiving that shiny parachute being dangled in front of you on the way out the door. The problem is that with the military, that door might be 30k in the air so that 'chute might be pretty tempting!
Guess the military hasn't had much need recruiting legal minds.
Guess the military hasn't had much need recruiting legal minds.
"The best minds are not in government. If any were, business would steal them away." -Ronald Reagan
I've got a lot of issues with him, but this quote is spot on.
I've got a lot of issues with him, but this quote is spot on.
it really isn't, there's plenty of very smart people in the gov and it's incredibly short sighted (just as reagan was) to assume that less money & more restrictions in how the job operates = lower quality worker
One of my many issues with him is that his quotes are trite nonsense.
Not everyone is solely motivated by money, some of the most important work anywhere is in government, and there is fundamentally nothing preventing a government from getting the best workers for the job.
Reaganism is just pessimistically giving up before you even try, and when ~half of the two parties believe it without doubt, it's self-fulfilling. They believe that government cannot do anything well, and then set out to prove it.
Not everyone is solely motivated by money, some of the most important work anywhere is in government, and there is fundamentally nothing preventing a government from getting the best workers for the job.
Reaganism is just pessimistically giving up before you even try, and when ~half of the two parties believe it without doubt, it's self-fulfilling. They believe that government cannot do anything well, and then set out to prove it.
Depends on the government. Kennedy was able to poach McGeorge Bundy and McNamara (who also recruited Daniel Ellsberg, another member of the Harvard Society of Fellows) from the private sector, as well as enough scientists and engineers to put people on the moon. McNamara had worked for the government before that during World War 2, as well as the entire team of Manhattan Project scientists. The quality of applicants to government jobs took a tumble after the Vietnam era.
Singapore's government pays well enough to compete for top talent against the private sector, and I have no doubt that China is capable of staffing high priority government projects well also.
Singapore's government pays well enough to compete for top talent against the private sector, and I have no doubt that China is capable of staffing high priority government projects well also.
Isn't every job in China technically a gov't job? If the gov't owns all business blah blah
Reagan being in government shows how spot on the quote is.
[deleted]
I think this is easily refuted by large portions of our government, not least of which is our military. Even if a random Lt. Col. doesn't have enough software experience, they tend to all be damn impressive executives.
People are motivated by more than money. I certainly am, and would be far wealthier if I was only middling on career paths that use similar skills. In the end, talented people (and less talented people) have strong opinions about what they work on when given choices, and money is not the sole consideration.
People are motivated by more than money. I certainly am, and would be far wealthier if I was only middling on career paths that use similar skills. In the end, talented people (and less talented people) have strong opinions about what they work on when given choices, and money is not the sole consideration.
That's just projection.
"I don't care about anything as much as money, so I know no one else does either."
"I don't care about anything as much as money, so I know no one else does either."
You want a government where you aren’t able to hear bad news from within the government? Companies can go out of business… governments generally don’t.
Discussed two months ago:
https://news.ycombinator.com/item?id=28408399
https://news.ycombinator.com/item?id=28408399
That is one of the most interesting comment threads I've ever read on this website. It's like an in-house DoD drama played out in real time here on HN.
> I do have a clearance as well and yes sorry I didn't let us get locked into Pivotal like you did and cost taxpayer millions.
Probably not cleared any more.
Probably not cleared any more.
Title should be updated to include "[September]", my first thought was "Already?!" :)
Link to CSOs resignation post the article is referencing https://www.linkedin.com/pulse/time-say-goodbye-nicolas-m-ch...
Link to CSOs resignation post the article is referencing https://www.linkedin.com/pulse/time-say-goodbye-nicolas-m-ch...
He responded to comments in that thread here: https://news.ycombinator.com/context?id=28410812
> In only 3 years, we were able to bring Kubernetes on weapon systems, including jets and space systems, where we demonstrated that containerization was not only possible but game-changing on Real-Time OS and legacy hardware.
Docker on fighter jets. Now all we need is NodeJS on nuclear submarines.
Docker on fighter jets. Now all we need is NodeJS on nuclear submarines.
> Docker on fighter jets. Now all we need is NodeJS on nuclear submarines.
We have electron/NodeJS on spacecrafts. Close enough.
We have electron/NodeJS on spacecrafts. Close enough.
> Please stop putting a Major or Lt Col. (despite their devotion, exceptional attitude, and culture) in charge of ICAM, Zero Trust or Cloud for 1 to 4 million users when they have no previous experience in that field—we are setting up critical infrastructure to fail. We would not put a pilot in the cockpit without extensive flight training; why would we expect someone with no IT experience to be close to successful?
This is very interesting. It is the 2 sides of the same coin. I have seem many IT projects deteriorate into a convoluted technical mess which solves none of the organizations or stakeholder requirements. However I have also seen top down management from business people destroy projects by their lack of knowledge, and understanding of IT.
IT does not live in a bubble, it has a purpose and those whom manage it should also understand its attributes.
This is very interesting. It is the 2 sides of the same coin. I have seem many IT projects deteriorate into a convoluted technical mess which solves none of the organizations or stakeholder requirements. However I have also seen top down management from business people destroy projects by their lack of knowledge, and understanding of IT.
IT does not live in a bubble, it has a purpose and those whom manage it should also understand its attributes.
"Please stop putting a Major or Lt Col. (despite their devotion, exceptional attitude, and culture) in charge of ICAM, Zero Trust or Cloud for 1 to 4 million users when they have no previous experience in that field—we are setting up critical infrastructure to fail."
Past that, there are some other people who shouldn't ever get near cybersecurity management - legislators. Specifically the majority who are willfully clueless.