Cloud, cyber security & leading in a threat environment without decelerating innovation

In this Q&A, Heath Muchena talks to Ihor Feoktistov, the CTO & co-founder of Relevant Software which operates across Europe & USA offering services ranging from software developments, cyber security, artificial intelligence & machine learning to DevOps. Feoktistov shares his wealth of experience from his software engineering advisor background and explores issues around Cloud, cyber security, and how to lead agile teams. Excerpt:

What are your top 3 ongoing priorities as CTO in your organisation?

Today I can note the following priorities:

• Building a competency control system to ensure the highest quality of our services. Technology and the market are changing, customers come with various requests so this task is ongoing. A skilled team is the core of our company, so it’s the first priority.

• Development of new and improvement of our existing services. As the tech world is rapidly changing, we should too. Now we are increasing focus on cybersecurity as our services and as a way to secure our own assets.

• Knowledge sharing within the company. To grow a strong team, I’m working on creating a knowledge sharing culture with internal lectures, mentorship, and upskill programs.

What are your top 3 tips for leading remote workforces?

• Create defined workflows. By that, I mean creating clear project guidelines for KPIs, teamwork, and reporting, describing your tasks in detail, setting precise tasks, and giving detailed answers. 

• Communication. Leverage face-to-face meetings. Live face-to-face meetings play an essential role in building a solid rapport and personal connection with a team. 

• Avoid micromanagement. Communicate project goals and pain points instead of solutions to them — unless you are specifically asked, or you can see that the team is failing.

What is changing most profoundly in the threat environment and what is your top cyber security best practice tip?

I believe phishing and social engineering are the main threat, the recent case with Twitter proves it. To prevent that from happening to our company, we provided employees with security awareness training. We also created a guide on email security that we shared with a team and clients.

Our company provides software development services and we include security in the SDLC process. We recommend our clients to implement DevSecOps or hire cybersecurity consultants for part-time at least to perform threat modeling and penetration testing to secure their applications early on. We also encourage companies to develop ISMS. This is one of the common practices that helps minimize security risks.

Any thoughts on how cybersecurity solutions for businesses will evolve over time?

I think cybersecurity will become more automated, especially with the rise of AI. The system will be trained to automatically detect and block the attack with big data and machine learning.

Is your business using Cloud? Who is your preferred cloud provider? Why?

Our company mostly builds SaaS solutions, and, of course, we host them in the Cloud. I prefer AWS as it provides a wide variety of tools and fully covers our needs. Here is a list of the tools we mostly use:

• AWS EC2 Elastic Container Service and AWS Lambda Serverless Computing

• Secure Storage (Amazon S3) and Amazon ElastiCache

• Amazon RDB, Amazon Aurora, Amazon DynamoDB and dozens more

• Amazon Service Discovery and AWS App Mesh, AWS Elastic Load Balancing, Amazon API Gateway and AWS Route 53 for DNS

• Amazon SQS for message queuing and SNS for publishing and notifications

• AWS Cloudtrail for API monitoring and Amazon CloudWatch for infrastructure monitoring

• Amazon Container Image Repository (Amazon ECR) and other DevOps tools for enabling CI/CD workflows. 

• Amazon Cognito for user management.

What are the critical points that enterprises need to remember when they consider data storage?

They should at least consider threat analysis and risk assessment.

Where are you on your DevOps journey and how much of it is done in-house and how do you select technology partners for your projects?

We have excellent DevOps and DevSecOps expertise in-house, and we provide DevOps services to our clients while building software for them. Right now, we are focused on implementing security in all areas of our work, including DevOps (DevSecOps), and bringing more automation to CI/CD pipelines. As for our clients, we always recommend building DevOps\DevSecOps based on business needs and cost-benefit analysis. So, some small pilot projects and concepts can be developed and released without any DevOps specialist, and on the other hand our projects can be fully automated with CI\CD and cybersecurity checks.

How do you measure a good Agile team?
I measure the performance of Agile teams by well-known best practices and KPIs:

• Sprint burndown. It helps us meet our sprint estimations and stay on top of it.

• Velocity. This metric shows how quickly a team can complete tasks in the backlog, which helps make more precise forecasts.

• Planned-to-Done Ratio. It’s another metric that trains predictability for better sprints planning.

• Escaped Defect Rate. With this KPI, we track the quality of the Agile team work. It shows how many bugs we produced during the development. You can close tasks quickly, but if you do it with bugs, it makes no sense.

Code Coverage. Another indicator of code quality, which is crucial for us. The code has to be fully covered with tests to minimize bugs on the production.

How do you successfully determine efficiency, reliability, or compatibility with existing systems of hardware and software and what are some effective methods you use to monitor and analyse system performance?

Regarding this, I strongly recommend checking Site Reliability Engineering (SRE) topics and reading books which Google recommends.

Originally posted on European Business Magazine