The Use Case for Commander's Intent in Cloud Security
Nathan Boston
Next-Gen Security Specialist | Palo Alto Networks | Securing the Digital Future with AI-Driven Cybersecurity
I just finished the book “CALL SIGN CHAOS” by James Mattis. For those who don’t know General or Defense Secretary James Mattis, he is often regarded as the most renowned military leader in recent history of our nation. I served under General “AKA Mad Dog” Mattis in my tours to Iraq and had the opportunity to observe him as a part of a forward division communications and command element during the initial invasion of Iraq in 2003. A Marine’s Marine, he knew how to lead and communicate up and down the ranks. While he earned the call sign as Colonel leading a battalion, I would gather the names fit due to his brash and direct approach that wasn't always politically correct but many of his Marines found true. Moreover, he had a presence of being able to drive intense respect and decision during times of complexity from his officers while having an innate ability to connect with his enlisted Marines in a way that demonstrated a blue collar persona but also empathy in ensuring they were taken care of and considered- “Marines Eat Last”.
As I worked my way through the chapters I found myself flashing back to times that seem so distant, yet oh so recent. It’s crazy how so many years later those moments and memories he describes come flooding back to mind in detail- the Marines you served with, sandstorms, An-Nasiriyah, Al-Diwaniyah, Ramadi, Fallujah, Tikrit, Task Force Tarawa, Call Signs and voices over the radios of units and commanders (Chaos, Godfather, Wolfpack, and many more). The impact all of these places, people, and events had in shaping you as a person, as a professional, as A Marine. I often find myself reminiscing about the great leaders and lessons I had the privilege of serving with.
Commander's Intent
One specific element of leadership and operations kept coming to mind about The Marine Corps and specifically General Mattis in the book that I recalled clearly. He stresses the vital importance of Commander's Intent and its dissemination as the reference for all ranks to find initiative, action, with sound decision making as they faced the operational complexities in the fog of war. I vividly remember being in Kuwait getting ready to embark into Iraq and receiving General Mattis’ message to all Marines. Our task and purpose were made clear and depicted by being read aloud by our leaders at every level. This message had us all on the same page ready to fight.
My experience in the Marine Corps led to a Major focus in college and ultimately a career in IT and specifically Cyber Security. My passion to serve and defend against “Bad Guys” has never wavered. This book and lesson got me thinking about how to apply the principles covered to drive parallel outcomes in the situation I come across today in cloud operations and security. Here is a quick write up some might find relevant as messaging to my industry reference.
Cloud Operations and App Security Lifecycle
Today we find ourselves in an era of digital transformation requiring us to enhance our skills to support the growth and future of our organization. We are going to drive new growth by scaling engagement and incentives for our employees and customers through modern applications and software in the cloud. Our mobile world is driving new opportunities for our customers and employees alike. This will require new skillsets and collaboration as we converge our teams and tools to build the modern manufacturing process that will drive innovation differentiation in the marketplace.
Meeting the Challenge:
We will need each of you to take leadership, initiative, and embrace cooperation with open lines of communication to establish new DevSecOps operating procedures. We will train to become proficient across a Code/Build, Deploy, Run Framework. It will be critical that the personnel and teams across this framework understand the role each individual and team plays in delivering and securing applications in an efficient manner. To ensure these outcomes and reduce costs, our foundation relies on process where our developers and security teams will receive training on a standardized technology and security stack that will be used across all teams and applications.
Code 2 Cloud with Prevention:
Adversaries are exploiting complexity and lack of process across the application lifecycle. We will implement consolidation measures across technology and costs leveraging a platform and process approach that will unify policies and governance from Code to Cloud. Where required, we will understand our most prevalent gaps and create procedures by criticality and policy. To prevent risk propagation and implement true protection, we will scan our code early and often with standardized tools across applications while requiring prevention capabilities on our application workloads in run-time production.
Measuring Success:
We will meet as a team to carry out evaluation of ongoing progress. We will focus on 3 Key Metrics and establish milestones where we will measure success together:
We can only sustain and win the good fight working as one team
"Individual commitment to a group effort—that is what makes a team work, a company work, a society work, a civilization work." - Vince Lombardi
Final Thoughts:
I highly recommend the book for this and other leadership and policy lessons we take away from the experiences of General Mattis- AKA "Chaos".
I have often thought about why we don't see Commander's Intent leadership vision and principle messaging used more often in the civilian world. My hope is that someone can take the principle and might apply the messaging in their role or responsibility as a leader at work or home. More importantly I hope my fellow Americans read the book to learn more about those who have led and served our great nation. Like all, we are a work in progress in need of values, service, forgiveness, and growth through our strengths and shortcomings.
To re-iterate and expand more on Commander's Intent and other Military Leadership resources-> I came across this outstanding LinkedIn Article by Tom Deierlein - ThunderCat Technology CEO and Retired Army Major