GIW Federal 2025: From Audits to Automation: Continuous Compliance for Secure-by-Design Government with Ken Melero

Ken Malero, Regional Vice President for the Public Sector at ChainGuard, addressed the evolving challenges of compliance in cloud-native environments. With cybersecurity threats increasing in scale and frequency, traditional point-in-time approvals such as Authority to Operate (ATO) are no longer sufficient.

“Just because you got ATO of a system, that's a snapshot in time—you have to stay on it,” Malero emphasized, highlighting the necessity of continuous compliance.

ChainGuard approaches this challenge by securing software at every stage of the supply chain.

“We build everything from source and own the entire supply chain,” he explained. “We started with a whole factory to do secure building of software, from Linux base components to open source projects, all in an automated fashion.”

This rigorous approach ensures tamper-proof delivery of software manifests, combining security with cloud-native practices to improve system reliability and compliance.

“These little pieces in the supply chain have a large impact across the systems that you're building,” Malero noted, reinforcing the importance of end-to-end visibility.

Ken also highlighted the value of local support for the Australian public sector and the potential for collaborative engagement:

“I've got a team here in Australia supporting the public sector. We'd love to have conversations with you,” he said, underscoring the global-local synergy in managing cloud security.

Numbers that tell the story:

ChainGuard builds over 250,000 software images daily, covering approximately 95% of the world's open-source components.
Continuous compliance cycles have been reduced from 6 months → 3 months → 60 days → 30 days, with plans to target 7–15 days.
Automated supply chain management ensures full provenance and secure deployment of every software component.
End-to-end ownership reduces dependency-related vulnerabilities across cloud-native environments.
Continuous monitoring aligns compliance with dynamic threat landscapes, improving resilience and system reliability.

Please register as a community member or login to view the full article for free.

GIW Federal 2025: From Audits to Automation: Continuous Compliance for Secure-by-Design Government with Ken Melero

Numbers that tell the story:

Recommendations

GIW Federal 2025: AI Risks — Safeguarding Services and National Security with James Kay

From Blueprint to Battle: Implementing Cyber Strategies to Stop Threat Actors in Their Tracks

2025 Ransomware Holiday Risk Report

GIW Federal 2025: Securing the supply chain: Managing third-Party risk in government with Rosetta Romano

Building Cyber Resilience: A survival guide for security teams

Most Popular Insights

Two Decades On: Rethinking Active Directory Defence for a High-Threat Era

The Importance of Security in Innovation, and Innovation in Security

The Role of Emerging Technologies in Modern Government

Driving Innovation: Uruguay Path to Digital Transformation

IT Modernization and Stabilization: Building a Future-Ready Government Infrastructure

Revolutionizing Environmental Regulation in Alberta Through Technology

Transformation and Modernization in our Digital Services

Designing Services Around Citizen Needs: Achieving Seamless CX in the Digital Era

California’s Technology Strategy: What Is on the Horizon

Seamless Citizen Engagement: The Path to Simplicity

The Intersection of Technology, Security and Privacy at Service NSW

Discussing Current Challenges and Strategies for Recruitment and Retention within the Public Sector

Equity, Diversity, and Inclusion as Part of Organizational Transformation

Generative AI, Trust & the Public Sector

Underscoring Victoria's Digital Vision - Outcomes, Opportunities and Oppositions of Play

Most Popular Partner Content

2025 Ransomware Holiday Risk Report

How Australia builds by design

What’s Shaping Investigations and Integrity in Government (Australia, 2025)

Building Cyber Resilience: A survival guide for security teams

Private LLM Services for secure, compliant AI. Built for when Public AI won’t do.

Redefining Cyber Resilience through proactive Vulnerability Reduction

2025 Purple Knight Report - The Ongoing Struggle to Secure Hybrid AD and Entra ID Environments

Are AI Apps safe to use? How to securely adopt AI in your agency.

AWS vs Microsoft Azure vs Google Cloud vs Oracle Cloud Infrastructure: A Comprehensive Comparison

North Korean State-Sponsored Cyber Attack: Unveiling the Intricacies of Threat Actor Group Andariel

Using the Viable System Model to Improve Government Operations

Leveraging the Strength of Centaur Teams: Combining Human Intelligence with AI's Abilities

Embracing Value Stream Thinking in Public Sector Project Management

Everything You Need to Know About Oracle 23c

The Role of Database Management in Business Growth

Communities

Events

Academy

GIW Federal 2025: From Audits to Automation: Continuous Compliance for Secure-by-Design Government with Ken Melero

Numbers that tell the story:

Recommendations

GIW Federal 2025: AI Risks — Safeguarding Services and National Security with James Kay

From Blueprint to Battle: Implementing Cyber Strategies to Stop Threat Actors in Their Tracks

2025 Ransomware Holiday Risk Report

GIW Federal 2025: Securing the supply chain: Managing third-Party risk in government with Rosetta Romano

Building Cyber Resilience: A survival guide for security teams

Most Popular Insights

Two Decades On: Rethinking Active Directory Defence for a High-Threat Era

The Importance of Security in Innovation, and Innovation in Security

The Role of Emerging Technologies in Modern Government

Driving Innovation: Uruguay Path to Digital Transformation

IT Modernization and Stabilization: Building a Future-Ready Government Infrastructure

Revolutionizing Environmental Regulation in Alberta Through Technology

Transformation and Modernization in our Digital Services

Designing Services Around Citizen Needs: Achieving Seamless CX in the Digital Era

California’s Technology Strategy: What Is on the Horizon

Seamless Citizen Engagement: The Path to Simplicity

The Intersection of Technology, Security and Privacy at Service NSW

Discussing Current Challenges and Strategies for Recruitment and Retention within the Public Sector

Equity, Diversity, and Inclusion as Part of Organizational Transformation

Generative AI, Trust & the Public Sector

Underscoring Victoria's Digital Vision - Outcomes, Opportunities and Oppositions of Play

Most Popular Partner Content

2025 Ransomware Holiday Risk Report

How Australia builds by design

What’s Shaping Investigations and Integrity in Government (Australia, 2025)

Building Cyber Resilience: A survival guide for security teams

Private LLM Services for secure, compliant AI. Built for when Public AI won’t do.

Redefining Cyber Resilience through proactive Vulnerability Reduction

2025 Purple Knight Report - The Ongoing Struggle to Secure Hybrid AD and Entra ID Environments

Are AI Apps safe to use? How to securely adopt AI in your agency.

AWS vs Microsoft Azure vs Google Cloud vs Oracle Cloud Infrastructure: A Comprehensive Comparison

North Korean State-Sponsored Cyber Attack: Unveiling the Intricacies of Threat Actor Group Andariel

Using the Viable System Model to Improve Government Operations

Leveraging the Strength of Centaur Teams: Combining Human Intelligence with AI's Abilities

Embracing Value Stream Thinking in Public Sector Project Management

Everything You Need to Know About Oracle 23c

The Role of Database Management in Business Growth