Taking a Quantum Leap to Secure America’s Most Sensitive Systems
September 9, 2022

A technology company is only as good as the products they offer. According to Enterprise Security magazine, SteelCloud is a Top 10 Cloud Security Solutions Provider. And our category-leading ConfigOS compliance automation software forms the heart of that award.

As SteelCloud’s premier product, ConfigOS not only reduces 90% of the effort and 70% of the costs of STIG/CIS/CMMC policy compliance but also innovatively addresses the continual storm of new attacks from cybercriminals. We managed to grab a few minutes with Matt Heimlich, our Director of Software Engineering, and Tao Qin, our Product Manager, to learn what’s going on in the industry and what features, capabilities, and innovations you can expect from ConfigOS in the future.

What is top of mind right now when it comes to product development?

MATT: The hot topic in the market right now is post-quantum cryptography. With quantum computing, everything you have that is protected and encrypted is about an hour away from being broken. Cryptography is all math, and quantum computing is good at math. So, today’s cryptography must be hard enough to evade quantum code-breaking but easy enough for routine computing needs. It’s a challenging field. We need better math to secure systems, but we must temper that with everyday systems requirements. We must forget what we know about math in general because the threat is real. Nearly every adversary has access to quantum computing.

Staffing is also a big issue right now. People need a high level of qualification to STIG a system. These people are hard to come by, especially when protecting military networks. Automation not only helps offset the shortage of qualified workers, but ConfigOS is operable by recent graduates and gives them a strong training ground in mandated security processes.

 

 

TAO: Another issue is addressing the mind-shift customers need to understand their compliance challenges and get the best solution to address their individual issues. Many just automate their scanning and still remediate by hand. The mind-shift is needed to break them out of their habits and move toward automated scanning, remediation, and ongoing compliance. ConfigOS does it all, and we also provide education to help them understand their challenges.

How can the right tool help address critical issues as clients begin to scale?

MATT: Clients have neither the funding nor the education to complete the work manually. These days people are buying hundreds of thousands of licenses. How are you supposed to do all that work by yourself? Without help from automation, I don’t see a reality where things are kept secure. These are real national security threats. Some competing militaries have the human manpower to fund security at the level we don’t.

TAO: Automation is key. Manual processes must shift to automated capabilities, especially for clients who don’t have generous ongoing budgets. We have customers of all sizes, and they need to know ConfigOS is just as effective for large clients as it is for small. We have rethought how we engineer our software for enterprise-scale clients so we can effectively address organizations of every size.

Who are the best prospects for ConfigOS?

MATT: Aside from the enterprise-scale clients, there are some people who only scan systems and have nothing to do with remediation. It may be a mandated separation of responsibilities within their organization, but they only automate the scanning portion of the job. And there are also some people who have felt burned by other companies’ automation software in the past. Solutions might have broken, and apps stopped working. We may have to do some handholding until they realize it’s safe to hit our button.

TAO: The scanning tools that exist are fairly good quality and are often free. But they don’t fix anything. They still need to remediate issues manually, which takes a lot of skill, time, and workforce. ConfigOS is the best solution in the marketplace for scanning and remediation, and its reporting capabilities are also strong.

Where do you get your ideas for new features?

MATT: A lot comes from increased interest from enterprise-level customers. Beyond that, there are things like constantly monitoring the state of the industry for trends, like post-quantum cryptography. In addition, we do get customer feedback and internal feedback. For example, our internal people use ConfigOS for demos and occasionally come up with ideas for new features.

TAO: We get some client feedback, but frankly, you don’t hear much from customers once they have the tool. They are in a classified environment and can’t share much. We also participate in major conferences and have ongoing conversations with industry experts like Gartner and tap their brains to look at the future. Additionally, I work closely with sales and marketing, who bring ideas from the clients, and information about pain points we can address. The ideas are inspired in many ways, but always from a real need in the industry.

What’s next at SteelCloud?

TAO: Right now, we are taking enterprise requirements very seriously and are looking at next-generation features and capabilities to address their pain points. We are in the process of developing a next-generation product and are going through the testing phase right now. We can’t talk about what is in development, but it is innovative and well needed.

What makes your jobs gratifying?

MATT: The freedom you have to work on things that interest you at SteelCloud is fantastic. We have a solid focus on making people happy and have a home life. That is not always common. Development candidates are often skeptical when I tell them we won’t put them through long hours or crunch times. The freedom I have to run my team like that is fantastic. Another great benefit is that anyone from a QA intern to me can have an idea that the entire organization considers. I appreciate that this is the kind of culture we have. There is room to grow here. I started in 2016 as a part-time security contractor, and they saw something in me that has led me to oversee our development team. I cannot think of another place I’ve worked that enables that. And witnessing the explosive growth of the company since then has been very gratifying.

TAO: It is fun working at SteelCloud. I enjoy SteelCloud’s process of understanding client pain points and working with clients to address them and bring value to their bottom line. I also work with many different departments at SteelCloud and enjoy those different perspectives. It results in a well-rounded product. It’s very rewarding.

When Matt and Tao are not working on refining the world’s best automated cybersecurity compliance solution, you’ll find them optimizing the work-life balance SteelCloud is so good at providing. Matt is a newlywed who does metalworking and has his own blacksmith shop at his home in rural Virginia. And Tao spends his free time working on his French (over 700 days of consecutive learning!) to add to his fluency in Chinese and English.
