Moving at speed with software advancements
"The first step is realizing that the first decision you make won't be your last. There's not a perfect solution out there. There are a lot of variables to consider when we build a system or solution. We can't just pick the hot new thing because it might not be mature enough or it might not work in our customer space." - Paul Burnette."
There's a lot of care and big decisions that go into successful software planning for an organization. Changes in the software world happen at an astounding pace. It's not only important to pick the right solutions for today, but also to think about resiliency in the future. Not to mention finding the right solutions that fit in with the tech landscape already present in an organization without sacrificing practicality or efficiency. Today, Paul Burnette, Vice President of the Software Accelerator, and Drew Formica, Software Architect at Leidos join to share why it's so important for organizations to keep up with software tech and how they can do it in a way that keeps workflows fast and ready for the future.
On today's podcast:
- What is Mission Software
- The importance of keeping up to date with software
- Why looking to the future is crucial when finding solutions.
Paul Burnette: We know that things are going to change in the future at an even greater pace. Today's fast is tomorrow is slow, so we have to continue to move faster and faster all the time, every time we take another turn of the crank.
Shaunté Newby: The tech industry changes every single day. It's already enough to keep track of all the different physical hardware like updating your phone or computer every couple of years. But when it comes to software, things seem to move at lightning speed, and the speed just keeps picking up. That's what you just heard
Paul Burnette, vice president of the software accelerator at Leidos, talk about. Unfortunately, keeping up isn't just about staying with the latest trends. It's a matter of safety.
Paul Burnette: The operators of the Colonial Pipeline had to shut down the system to prevent the rest of the system getting infiltrated. Of course, by shutting down the system, it stopped the flow of gasoline from the Gulf of Mexico to the entire East Coast.
Shaunté Newby: Events like these are informing how we change and adapt our cyber security.
Drew Formica: We have to design our systems to validate access at all levels of the software.
Shaunté Newby: That voice is Drew Formica. He's a software architect at Leidos. Today, both Drew and Paul join us to tell us about mission software and how Leidos works to keep organizations ahead of the software game in a way that works for them.
Shaunté Newby: My name is Shaunté Newby. This is Mindset, a podcast by Leidos. In this series, our goal is to have you walk away from every episode with a new understanding of the complex and fascinating technological advancement going on at Leidos. From space IT, to trusted AI, to threat inform cybersecurity, we've got a lot going on, and we're excited to share it with you.
Shaunté Newby: Paul, can you tell me what you do at Leidos?
Paul Burnette: As the director of the software accelerator, I really have the job of advancing how Leidos does software holistically. And that's pretty broad because software is a pretty big topic. But, in general, I'm trying to advance technology, trying to move processes, best practices forward and everything that Leidos does revolving around software.
Shaunté Newby: Drew, what about you? What do you do at Leidos?
Drew Formica: I am a software architect, and I help build and design reusable technology to be used across the corporation in the lines of business. Then, I go out and work with teams to utilize that technology in their various solutions spaces, as well as understand the challenges that they're having in their particular domains to find a way to bring that back up and abstract it and make it reusable across all of our customer spaces.
Shaunté Newby: So, why are you passionate about this work that we're about to talk about today? And I'll start with you, Paul.
Paul Burnette: The easy answer for me is software is everywhere. I know we'll get to this, but we talk about serving the mission and achieving an end. I'm a big believer that software is there to accomplish a job, to do something. It's all about, in the end, the person that's using the software. We're building things that affect how people live, how people do their jobs, how we keep people safe, how we keep systems safe. So, really, software, for me, is kind of the gateway to accomplishing all those things, and it's really becoming foundational to really how we live our lives from a technology perspective and just from a day-to-day perspective.
Shaunté Newby: All right, Drew, what about you?
Drew Formica: Yeah, I'd have to agree with Paul that the end user and the mission are really what drives the passion. When you're able to build something that helps folks get their job done and serve a larger mission, that's really the driving force behind it. The fun part about that as well though is that technology changes. As a lifelong learner, I love that there's always something new to research, to understand because when that comes out, that allows us to build solutions that are more secure, more resilient, and more efficient, which then, in turn, helps our end users and support the mission.
Shaunté Newby: All right, well, thank you for that. Let's take some time to talk about the mission and why we should care about it. Paul, can you tell us a bit about what mission software is and why it's important?
Paul Burnette: Mission software, quite simply, when we say the word mission, we mean that job to be done. In the security detection and automation realm, it's making sure that we're scanning people, we're scanning their bags, we're making sure that the things that make it through airports and security checkpoints aren't bad. That's part of the mission. When you're talking about command and control, you're talking about interacting with different sensors and system actors to make sure that they are making timely decisions on which people's lives depend.
Paul Burnette: So, when we say mission, it's really about what is the thing that we're trying to accomplish, whether that's national security, national defence, cyber security, gate security, physical security. A lot of those things rely on software to do those checks. So, for us, the mission is what's the end goal that we're trying to achieve. And that's why, as we kind of already said, we're passionate about solving the mission. In the end, the end user, the mission, that's the thing that matters. All the tech is pretty cool. It's fun to play with, but, in the end, we've got a job to do. And it comes down to the mission.
Shaunté Newby: Right, and the things that you described to me, it sounds like these are the things that if it goes wrong, it's loud, but if it's going well, it's quiet and peaceful security, getting through the airport.
Paul Burnette: The best software is the software you don't see or don't think about.
Shaunté Newby: Okay, I like that. Drew, so how do you work with clients to solve these problems?
Drew Formica: Simply put, we collaborate with our customers. We work with them to understand their pain points, what's their current solution, what's their current technology that they have in place, what are their mission goals, where are they trying to get to, what efficiencies are they trying to achieve. And once we understand that, we can share with them our vision for where we're going to help take them.
Drew Formica: Then, we come back. We come up with designs. We collaborate across other teams, across the corporation to find out have we solved similar problems before, is their technology that we already have that we could apply. Really collaborating across the corporation as well as with our customers and having them side-by-side as we build the system is how we make sure that we end up with a solution that will meet their needs.
For example, I'm currently in the UK supporting our civil business, and we're looking at their current product solution, helping bring in existing corporate capabilities that are adaptable and reusable to help the resilience of the system. Really working side-by-side with our customers and leveraging the diversity and talent that we have across the company is really what allows us to deliver modern solutions that leverage the latest technology and design patterns.
Shaunté Newby: So, Paul, you talked about how software is everywhere, and it evolves so fast. With that in mind, how important is it to think about the future changes that will inevitably come when working with clients?
Paul Burnette: Yeah, so software is everywhere. The quote that was made in 2011, which seems like forever ago from a technology perspective, but Marc Andreessen said, "Software is eating the world," in 2011. So here we are in 2022, we're starting to plan for 2023, and software hasn't just eaten the world, it's on its third or fourth course and maybe even getting ready for dessert.
Paul Burnette: The reality is that because software has taken over the world, and everything is defined by or utilizes software, it really involves every aspect of technology change. When a piece of hardware changes, the software has to change with it, and a lot of this boils down to the great power competition. Because of motivating factors, such as our near-peer adversaries, they're advancing their technology space, and it's pushing on us from a national security perspective. They're also adding capabilities that are requiring our hardware systems to adapt and try to accomplish new missions at a pace that we're not yet really ready for. We're not yet really used to living to that pace.
Paul Burnette: Combine that with something that Drew mentioned earlier, technology itself has accelerated. We're all familiar with Moore's Law and processors getting faster and faster, but the reality is that there are more startups in the past five years for software companies than there have been in the previous 30. So, software is becoming the new landscape for how technology is shifting. For us, we have to keep pace with the new technology. We have to keep an eye on our adversaries, what they're trying to do to affect our systems, whether to deny or disrupt or cause problems here in the U.S.
Paul Burnette: It's all facets of our mission here at Leidos, trying to solve these problems. We're trying to keep our arms around the technology and continue to accelerate how fast we can accomplish adapting the mission. The new problems, and really the reality again that Drew already alluded to, we know that things are going to change in the future at an even greater pace. Today's fast is tomorrow's slow, so we have to continue to move faster and faster all the time, every time we take another turn of the crank.
Shaunté Newby: Yeah, it is pretty fast. It seems like something that was hot and new, and then the next day you're like, "Yeah, that's old. We're onto a new version of it."
Drew Formica: Our approach to designing software systems is really around building them to absorb that change that we know is coming. Because the technology landscape changes so quickly, we have to make sure that we don't lock our solutions to a vendor or a particular technology. We have to make sure that our systems are modular, they're open, and they're standards-based, so when new technology shows up on the scene, we can easily update our solutions for our customers to take advantage of the features and efficiencies that they bring.
Meaning of Life Clip: It's available on Betamax, VHS, and Super 8.
Shaunté Newby: I'm going to take you back in time, back before we knew the VHS would reign supreme over Betamax, back when some thought laser discs were going to be the go-to format for video and even audio. Looking back, we may think it was always obvious that VHS was going to dominate, and that laser disc would barely be remembered by the general public, but who can really blame the people who got it so very, very wrong?
When you're constantly being presented and marketed new tech, there's always a good chance you'll make the wrong call. A lot of Zune owners were sure iPods were inferior. All right, I'm done with the nostalgic tech references. The point is, for the average user, it can be really difficult to determine what tech is the right one to invest your effort and money into. Thankfully, Paul, Drew, and their team at Leidos are experts. I had them explain their strategy and thinking to make sure they make the right choices.
Drew Formica: The first step is realizing that the first decision you make won't be your last and that there's not the perfect solution out there. There are a lot of variables to consider when we build a system or a solution. We can't just pick the hot new thing because it might not be mature enough, or it might not work in our customer space. Tangentially, if you think about when Tesla showed up on the automotive scene a decade or more ago, that was an innovative technology, but it wasn't ready for the masses yet. Not everyone had the infrastructure in their area to charge the cars. People had commutes that outdid the range of the vehicles, and Tesla had production issues, so quality issues that were there.
Drew Formica: The same is true in software. As we're evaluating new technology, we have to understand where our customers are, where the solutions are going to be deployed, so that we choose the right tech. Is it mature enough? Is it resilient enough to be operating in this space? Once we understand that, and we sift through the buzzwords and the jargon of all the new tech, we can build a system that is right for our customers. But as previously stated, we build it in a modular way so that as that new technology that we know is out there but not quite ready yet, when it does mature and it's ready for whatever we're deploying to, we can bring it in and take advantage of it.
Shaunté Newby: Paul, can you talk a bit about some of the other challenges you face?
Paul Burnette: A long, long time ago, making decisions around software was whether or not you used Ada or Fortran, and some of the decisions were pretty simplistic. First of all, things have come a long way since then. We've got a lot more aspects to the technology space to be considered. Software is literally now defining our networks. It's defining our infrastructure, not only how we build our application, but how the applications exchange information, how we secure those applications, and then, oh, by the way, things like AI themselves have given rise to entirely whole sets of software technologies focused on those domains.
Paul Burnette: In addition, because a lot of our, especially our federal, customers have large investments in legacy systems, a lot of the systems that we are dealing with are some of those old technologies. No kidding, things like Fortran and Ada are still out there, and we have to work with our customers to transition those things to more modern software technologies. The legacy capability, the legacy transition as a part of a larger digital modernization strategy is really one of the things that we're spending a lot of time and effort on how to make that a smooth transition, how to bring that adaptability that Drew was referring to, knowing that the next technology decision won't be the last one that we have to make.
Paul Burnette: So, how do we introduce that flexibility, that adaptability to our customers that are still dealing with some of these legacy and even monolithic systems that are on servers and racks that are in a closet somewhere in the office building? There's also the mindset. There are still a lot of very, very good, talented engineers that are servicing capabilities that haven't yet made or had the opportunity to make the mindset shift, really the pace at which software is moving. Some of that is potentially lack of exposure, but a lot of it is because things are working so why change them? So, adopting that mindset of embracing change, embracing the change of the technology, change of pace is really important and something that I think, culturally, we hear at Leidos. Something we hold really, really dear, is that realizing our customer's job, supporting and enabling the mission is never done.
Shaunté Newby: You just took me down IT memory lane when you mentioned Fortran. I'm like, "Oh, my gosh. I programmed in Pascal and COBOL, and all this stuff back then. Now, I'm really telling my age.
Napolean Dynamite Clip: There's just so many options.
Shaunté Newby: We've already talked a bit about Betamax versus VHS and Zune versus iPod, but even 21 years ago, when the first iPod came out, the tech world was a completely different place. Choices were there, but there weren't nearly as many, especially when it comes to software. Today, it would be near impossible to even count how many software services and tools are out there, and the industry keeps growing. It's a new frontier, and it's not an easy one to navigate. I was curious if this was a challenge for the clients Paul and Drew serve.
Paul Burnette: 10 years ago, absolutely. However, really since Marc Andreessen made that prophetic statement, software's eating the world, the world really has changed. Drew brought up Tesla. People are now comfortable and familiar with the fact that Tesla's updating their cars, perhaps overnight. They send you a new update, and it downloads and installs on your car. The next thing you know, you're running with a software patch.
Paul Burnette: The idea that software is driving more and more of the world is becoming commonplace. We have smartwatches. We have our phones. The things that we do with our phones are more powerful than what the space shuttle could do. So, it's becoming much more widely accepted that software is really driving a lot of what's happening in the technology space. 10 years ago, yeah, they would've been really caught off guard. Now, it's becoming more of the norm, and it's exciting.
Paul Burnette: Actually, even here at Leidos, the software accelerator itself is only into its second year. Realizing that it's become a central foundational element of the technology space and the problems that we have to solve, it's really indicative as to how we're pivoting to take that central to our mission. I think our customers are coming along with us, and we're seeing that in every space, every federal space from civil, to intel, to health, to defence customers. They're all recognizing that software's really becoming a much larger piece of their overall solution space.
Drew Formica: To that point, Paul brought up the fact that software is now well understood in our space, and he talked about updating cars overnight. If you think about where our customers are, they're using our software systems. Speed is now very important. I don't want to wait six months for an update for a bug on my Apple Watch. That's something else that our customers are expecting from us and becoming accustomed to is how quickly can we deliver our capabilities.
Shaunté Newby: Yeah, and again, you made me think back to when pushing out patches and updates, it was like an act of Congress to update software. Now, we're all in the mindset of give me my update when it comes out. I don't care. I don't even need you to tell me what it is. Just whatever the fix is, push it out immediately.
NBC News Clip: Tonight, a complex and sinister mystery. “This is one of my worst nightmares come to light.” A crippling cyber attack that forced a major U.S. Energy pipeline offline Friday. Cyber intruders inserted ransomware inside systems of energy giant Colonial Pipeline, making demands for payment.
Shaunté Newby: In May of 2021, America experienced the largest cyber attack on oil infrastructure in the history of the country.
Paul Burnette: Quite simply, the Colonial Pipeline hack was a ransomware attack, where a nefarious actor took advantage of a vulnerability, exploited that vulnerability, stuck in some ransomware that really took control of some data, and threatened to make its way into other parts of the system. As a result, the owners, the operators of the Colonial Pipeline had to shut down the system to prevent the rest of the system getting infiltrated from that ransomware and to prevent a potentially even worse, more dire disaster. Of course, by shutting down the system, it stopped the flow of gasoline from the Gulf of Mexico to the entire East Coast.
Shaunté Newby: The perpetrators demanded a ransom of $4.4 million, which was paid with FBI oversight. It was a devastating attack, and the impacts it has had on the cybersecurity industry are ongoing.
Paul Burnette: That's representative of a non-resilient system because the only solution to fixing the problem was to shut the system down, basically stopping the mission. That's a key example of how we could not continue the mission because of a software vulnerability.
Shaunté Newby: Should this major event inform our approach to cybersecurity, and is there a current software mindset that would have prevented the amount of devastation it caused? I asked Drew.
Drew Formica: I think really what we learned from that incident was that securing the network really isn't enough and that we need to know what's in our software because we need to know the dependencies that we have so that we can understand what our risk profile is when new vulnerabilities are identified. It also reinforced that we have to design our systems to validate access at all levels of the software, across systems, down each system.
Drew Formica: For example, if I have access to a system, that doesn't necessarily mean that I should have access to all services in that system, or even all of the records that that service can provide me, even down to the level of, I might not need access to all of the data attributes on a particular record. So, by limiting the access to certain fields, by knowing what vulnerabilities we have, and understanding your baseline, we're able to secure our data and access to parts of the system so that if a bad actor gains access somewhere in your network, somewhere in your system, we're able to isolate and compartmentalize them and not let them move horizontally throughout and carry on with parts of the mission, isolating and stopping the one area that they got into.
Shaunté Newby: Sounds like zero trust, right? It is.
Drew Formica: Yes, it most certainly is.
Shaunté Newby: Is this a moment in time that you consider when helping clients prepare?
Paul Burnette: Absolutely. What Drew is digging into is really pushing to the point of ... If we start stitching together the mosaic that we've been describing so far, security is important. We have to secure software. Security doesn't simply stop at the network. The concept of zero trust moving all the way through software is critical. We talked about adaptability, the knowledge that software has to change. Some of those changes, you're proactively changing to remove risk or to reduce vulnerabilities that you're aware of before they actually become exploited.
Paul Burnette: Then, lastly and maybe most importantly, is the mentality of bend don't break. Colonial Pipeline broke. We had to shut it down, so the third king of software adding to security and adaptability is resilience. The method of bend don't break, being able to continue to operate the mission, being able to isolate, cordon off, and restrict access in a way that lets us still accomplish the mission. Maybe it's degraded. Maybe we don't have the same throughput or the same overall capabilities. Maybe we're not able to provide as much gasoline through the pipeline, but if we're resilient, we still have the ability to operate and at least keep the mission going.
Paul Burnette: That line of thinking is really where we go when talking to clients and working with clients to make sure that we're moving them towards is really how do we secure you, how do we make your capabilities more adaptable to take advantage of new technologies in the horizon. But then, also how do we make sure that we build your system in a resilient way so that you can continue to operate in the face of a cyber event, in the face of physical damage, in the event of anything happening that could potentially reduce the overall outcome of the mission?
Shaunté Newby: This reminded me a lot of our conversation with Meghan Good about beyond compliance.
Meghan Good Clip: And that's part of this mindset too, is that you're assuming breach, much like in zero trust. That way, you're awaiting it, but you already have mechanisms in place to help you in that situation. So, you're paying for that part upfront so that later, you're ready.
Shaunté Newby: The phrase I like to use is, pay for it now, or pay for it later. If you want to hear more about beyond compliance and how it intersects with this conversation, I recommend checking that episode out next. For now, let's look ahead. Current trends are telling us that data software is going to continue to grow and play a large role in the future. I asked Paul and Drew if that was something they were excited about. Here's what Drew said.
Shaunté Newby: When looking at current trends, it's clear that data software is going to play a big role in the future. Is that something you're excited and prepared for?
Drew Formica: Oh, yeah. Software, it reacts to and interacts with data. It manipulates data. And what I find exciting on what we're dealing with now is the speed and access that we have to data in the world. With technologies like 5G coupled with embedded software on devices and sensors, we can capture and compute at the edge, providing tactical decision support and make decisions on the data that you have at the point that you're collecting it. But you can also share it up to the cloud, up to the enterprise so that you can analyze it. You can build models against it so that you can change your strategic approach based on the data that you're getting in real-time.
Drew Formica: So, securing all of that data, making it available at the edge to the enterprise is what really excites me. Simply put, the speed at which we can collect and share and act on data in a secure, resilient manner is really what excites me about the technologies that we have access to today.
Shaunté Newby: And what about you, Paul? Is there anything you're excited about?
Paul Burnette: A lot, obviously, if that's not evident through both Drew and I talking through this stuff. Because software's eating the world, it's also weaving into and out of a lot of other technology spaces and technology domains. The term digital engineering has been kind of trending for several years. The idea that we can operate software against digital twins, digital replications of systems, and we can actually test and understand how the software is going to behave for real in operational environments without actually having to deploy them to those operational systems, is very akin to what we accomplished a long time ago with computational fluid dynamics in the aerospace world. It's really expensive to build a plane and test it by actually flying it. You'd much rather put it into a simulation.
Paul Burnette: Well, we can get better, more resilient, more secure, more adaptable software if we're able to test it in a digital environment because software is already digital. The limitation has been our ability to replicate how systems behave in the physical world. So, at the rise of things like gaming technologies, synthetic environments, the whole concept of the metaverse, that is leading to new ways of being able to design, test, prove, validate, and verify software to accomplish the mission to all those ends that we've really been talking about.
Paul Burnette: Additionally, because of that, and I mentioned this before, but software is creeping into all the other spaces. It's no longer artificial intelligence. Artificial intelligence is frequently realized by building software. Things like cyber security are now talking more and more. It used to be about just, "Hey, how do we stop hackers from hacking the network?" We're realizing, as Drew pointed out, how we protect software is just as much of a cybersecurity concern as how we protect the hardware of the network and the other bits and pieces of the infrastructure.
Paul Burnette: Really the merging of all these separate technology domains with software is really where the interesting problems are to solve next. How do we advance the state of software, make things like AI, more achievable, more reachable? How do we utilize our expertise in data to take advantage of customer problems and find new insights, new ways of reducing the risks that are inherent in their mission, but also the overall quality and capabilities we can deliver to the end users through the software that we build?
Shaunté Newby: In brief, we've learned that the software world runs fast. That means a lot of options, and it means consistent new potential threats. That's why Paul and Drew work every day to adapt and look to the future to help organizations make the best choices. If you want to learn even more, you can visit leidos.com/software.
Thanks again for joining this episode of Mindset, a podcast by Leidos. If you like this and want to learn even more about the incredible tech sector work going on to push humanity forward, make sure you subscribe to the show. New episodes will be live every two weeks. Also, feel free to rate and review. We're always excited to hear your thoughts on the show. My name is Shaunté Newby. I'll talk to you next time.