Software architecture matters. Systems that are designed so you can change small pieces without having to change and test the whole thing again — “you can’t understate the importance of that,” explained Alan Hohn, Lockheed Martin’s Software Factory chief engineer.
It’s one of the examples Hohn gave of cybersecurity best practices he wished he had known early in his career.
“Technical debt is hard to address,” Hohn said during an SC Media eSummit with Editor-in-Chief Jill Aitoro. “We are finding it so much easier to integrate new ideas and new capabilities into systems that we built from the ground up to operate in this kind of continuous integration, continuous delivery environment.”
Hohn said his team found that it would’ve been easier to take the time to make security corrections as they worked. Since making that adjustment, however, Hohn said a project can go from zero to a full pipeline, with test and security scan, within 20 minutes. New programs kick off with that approach, said Hohn, “but we are definitely still correcting for some early cases where we didn’t always do that.”
To avoid a mountain of adjustments waiting for security teams once they get looped into a project, causing a virtual standstill, Hohn said it’s important to integrate security experts into the team from the beginning to find the balance between speed and security.