

Federal Tech Podcast: for innovators, entrepreneurs, and CEOs who want to increase reach and improve brand awareness
John Gilroy
The federal government spends $90 billion on technology every year.
If you are a tech innovator and want to expand your share of the market, this is the podcast for you to find new opportunities for growth.
Every week, Federal Tech Podcast sits down with successful innovators who have solved complex computer system problems for federal agencies. They cover topics like Artificial Intelligence, Zero Trust, and the Hybrid Cloud. You can listen to the technical issues that concern federal agencies to see if your company's capabilities can fit.
The moderator, John Gilroy, is an award-winning lecturer at Georgetown University and has recorded over 1,000 interviews. His interviews are humorous and entertaining despite handling a serious topic.
The podcast answers questions like . . .
How can software companies work with the federal government?
What are federal business opportunities?
Who are the cloud providers who work with the federal government?
Should I partner with a federal technology contractor?
What is a federal reseller?
Connect to John Gilroy on LinkedIn
https://www.linkedin.com/in/john-gilroy/
Want to listen to other episodes?
www.Federaltechpodcast.com
Episodes

Nov 21, 2025 • 38min
Ep. 282 the Hidden Cyber Gaps Threatening America's Digital Infrastructure
In a recent report, Microsoft shares that foreign adversaries are increasing attacks on American infrastructure. One variation is that they will not penetrate systems and attack, but they will steal credentials and install code to act in stealth mode. This code can hide for years and be deployed when the antagonist wants. Today, we sat down with Travis Rosiek from Rubrik to try to find some options for defending against this hidden attack. Let us say an agency has improved its resistance to foreign attacks. This is satisfactory progress, but what happens in a situation where the malicious code was planted prior to the increased defense? Further, during the interview, Rosiek states that while companies may be able to leverage AI to improve defense, nation states will be using that same AI to improve attack methods. If malicious code is within the walls of an organization, whether by AI or user error, Rosiek makes the point that a defensive posture may not be enough in today's sophisticated world of attack. He recommends moving from a defensive approach to a proactive threat hunting strategy. Even if Zero Trust and threat hunting fail, the best response is to have immutable backups. For example, if a breach occurs and the system recovers quickly, then the attackers will go after more vulnerable targets. The conversation underscores the urgency for organizations to adapt and innovate to counteract these threats.

Nov 19, 2025 • 22min
Ep. 283 Smarter, Scalable Threat Hunting to Protect Federal Data
The federal government recognizes that threats are multiplying at an exponential level. In fact, in October 2025, CISA released a free vulnerability scanner, and 10,000 organizations have signed up. Today, CISA is at its current capacity. Today, we examine solutions from a successful startup called CrunchAtlas. One of the co-founders, Ben Fabrelle, will share with the audience his experience in threat hunting in the federal government and why he combined with another veteran to form a company that can assist in threat intelligence, data analysis, and automation. During the interview, Fabrelle says that CrunchAtlas likes to attack "wicked" complex problems. One of the most complicated problems the federal government has is identifying threats in a world where the DoD is being attacked by malicious actors every day. Fabrelle suggests that the solution is a persistent cyber-hunt platform. It can search for threats in a wide range of environments. This means it can be deployed on-prem, in the cloud, or in an air-gapped environment. The founders view a platform approach as the best way to scale against these adversaries. One of the key differentiators for CrunchAtlas is its ability to operate in the cloud, on-prem, and even in an air-gapped environment. In fact, their offering's code stack, by design, operates in an air-gapped environment. Automation in this kind of environment will allow for a reduction in false positives, which will, in turn, reduce fatigue and decrease the need for human threat hunters.

Nov 6, 2025 • 19min
Ep. 280 How Zero Trust Automation Helps Federal Agencies do More with Less
As this interview was recorded, the federal government was in the middle of a shutdown. Hundreds of pundits have given interviews about the politics of the situation; very few have looked at the impact on cybersecurity during a phase of workforce reduction. Today, we sat down with Gary Barlet, the Public Sector CTO at Illumio, to see whether Zero Trust can help the federal government bridge this short personnel gap. Barlet begins by giving an overview of Zero Trust and automation. Rather than having human beings vet entry into federal systems, the concept is to use an automated process that reviews credentials and decides on permission. Barlet emphasizes the importance of Zero Trust in automating security tasks and maintaining operational resilience, especially with reduced staff. He goes on to mention several other benefits of Zero Trust in a federal environment.
Compliance: A well-thought-out Zero Trust architecture will enable managers to collect data to demonstrate policy enforcement.
Legacy: One can effectively take existing systems and "ring fence" them off. This approach creates hundreds and hundreds of rings of defense.
Design: During the interview, Gary recommends that you have a handle on the real traffic to reduce complexity. That way, when policies change, the rules can adapt to the environment.
Maturity Level: Although CISA has a maturity level for Zero Trust, Barlet distills down some of the requirements for which efforts can be applied to sensitive systems. He suggests focusing on security, not necessarily on a grade.
Additionally, he addresses the challenges of managing complex, hybrid environments and the emergence of shadow AI models, stressing the need for robust policies and controls.

Nov 5, 2025 • 25min
Ep. 281 AI-Powered Application Risk Management
Today, we sat down with Chris Wysopal from Veracode to talk about how to leverage the power of AI to increase productivity in federal systems. It seems like every headline you read talks about AI speeding up the process of writing code. However, there may be mixed messages here. Wysopal read some academic reports that talked about vulnerabilities being introduced in human code as well as AI code. Because this has been a concern for a while, he initiated the Gen AI Code Security report. They examined a wide range of LLMs to get a fair overview. They discovered 45% introduced vulnerabilities. What is even more shocking is this is similar to the rate from regular, old, garden variety software developers. You can get more details from Veracode's 2025 Gen AI Code Security Report. It details the methodology and notes that, despite improvements in syntax, security remains a concern. When he presented at a recent Billington Cyber Summit, he was deluged with people interested in problems with AI-generated code. The overview is: implement a centralized risk management approach to prioritize and address the most critical vulnerabilities.

Nov 4, 2025 • 29min
Ep. 279 Avoiding Agentic AI Pitfalls in Federal Digital Transformation
A recent study from Carnegie Mellon University is titled "AI Agents Fail at Office Tasks Nearly 70% of the Time." Federal agencies are adopting Agentic AI for the efficiency it can deliver. Unfortunately, many do not realize that Agentic AI is prone to operational risks, ranging from technical glitches to legal complications to accidental database deletion. When Agentic AI causes problems at a federal agency, there can be lives at stake. Today, we sat down with Travis Rosiek, Rubrik's Public Sector Chief Technology Officer. During the interview, he explores the federal challenges of implementing Agentic AI, building an Agentic AI inventory, and making Agentic AI visible, auditable, and reversible.
CHALLENGES: Everyone, from a systems administrator to an agency administrator, knows that data must be backed up. However, very few understand that Agentic AI is a collection of agents that can be attacked, just like a database. Rubrik offers the capability to reassure users that Agentic AI can be reversed if malicious actors enter the picture.
STARTING POINT: Most cybersecurity professionals agree that one starts by understanding a system's apps, data, and connections. Five years ago, it was easy; getting a grasp on what Agentic AI connects to is a much more intangible concept. During the interview, Travis Rosiek unpacks Rubrik's history and its unique ability to understand complex systems.
CAREFUL: In a rather shocking statement, Rosiek says one should approach introducing technology with the assumption that it will fail. This is not a pessimistic approach, but a nuanced understanding of how complexities in current systems can lead to unintended consequences. Rosiek advises starting with the end goal in mind, planning for worst-case scenarios, and building trustworthy AI architectures to mitigate risks and ensure reliable operations.

Oct 28, 2025 • 23min
Ep. 277 How Elastic Helps Federal Agencies Navigate Federal Procurement Modernization
Elastic has been around since 2012 and has been gradually gaining traction in the commercial world. In fact, Elastic has recently signed agreements with Nvidia and Google to improve integration with its distributed search analysis. All this assists with AI search and observability. Today, we sat down with Chris Thompson from Elastic to highlight how commercial success can be applied to the federal world. Looking back at his decades of work with federal agencies, he sees one of the problems in acquisition. In a world of rapid change, it is challenging to acquire technology that can keep up. During the interview, Thompson discusses a recent strategic agreement developed by Elastic working with the GSA and other companies. This streamlines the process of providing technology to federal professionals. This agreement accomplished several tasks at once:
>> It leverages the GSA's collective buying power. Rather than negotiating separate prices for dozens of agencies, it has substantial discounts with all the major cloud providers.
>> It reduces duplication. We know several federal agencies are facing similar tech challenges. Rather than duplicating requirements gathering and testing before making a purchase, the GSA approach eliminates this duplicative process.
>> With numerous AI tools flooding the market, this agreement enables the accelerated use of these tools.
>> When you have standardized contracts, enhanced security is typically the result.
No contract is perfect, and people who have developed this agreement know it is a living document that can flex and adapt to technical situations as they arise. GSA officials have stated this is an evolving approach, giving it the ability to adapt to innovative technology, new companies, and a rapidly changing cyber threat.

Oct 28, 2025 • 22min
Ep. 278 How to deliver Secure, Compliant, and Scalable Cloud Databases for Federal Missions
MongoDB has spent years earning a formidable reputation in the developer world; today, we will unpack some of its capabilities for project managers and federal leaders so they can understand where MongoDB may fit in their stack. Conventional wisdom is that MongoDB is a flexible open-source database. Although that is true, this does not do justice to some characteristics that will appeal to the federal audience.
ONE: An agency may have restrictions on where the cloud is not suitable for storage. Because of its ability to use flexible, JSON-like documents, MongoDB has listened to those needs and can have storage in many varying regions. In fact, we have seen a movement to move cloud applications back on premises. MongoDB provides flexibility for working in both hybrid and on-premises environments.
TWO: Most readers have studied encryption and think of it primarily as data at rest. Cloud storage transitions have forced a method where data is encrypted during transit. MongoDB can take encrypted data and search while it remains encrypted. Some will describe encryption at rest, in transit, and now, data in use.
THREE: MongoDB has listened to the federal community and is offering something called MongoDB Atlas for Government. It is a secure, fully managed cloud database service for U.S. Government agencies to modernize applications and oversee sensitive data. During the interview, Ben Cephalo revealed the effort MongoDB is making to serve federal agencies that require FedRAMP high capabilities.

Oct 23, 2025 • 30min
Ep. 276 Model Context Protocol, Agentic AI, and the Future of Federal Software Integration
Many listeners have become so familiar with AI that they may have assumed it has been around for decades. Today, we sat down with Will Angel from Excella to explore the application of AI to federal technology from a more nuanced perspective. We dive into three main aspects of AI: challenges of integrating AI services, Model Context Protocol, and security considerations with agentic systems.
Challenges: No company has grown as fast as ChatGPT; in fact, it is the fastest-adopted consumer application in history. Today, it has an estimated eight hundred million weekly users. This has attracted developers who work on federal projects. Will Angel recommends careful consideration of people arbitrarily porting data to or from products like ChatGPT because it can compromise data security.
MCP: In certain circles, the term "Model Context Protocol" is used constantly. It has become so popular that people do not realize it was just coined by Anthropic in November of 2024. During the interview, Angel presents variations on MCP for software development and warns about the hype surrounding the relatively new standard for AI systems.
Agentic AI: Autonomous systems have been the holy grail for every software developer. The promise of Agentic AI is so powerful that some have jumped into applications without a more prudent approach. When a series of tasks is assembled, unintended consequences can come into play. It is one thing in the commercial world to reveal essential data; it is a completely different situation when the DoD is dealing with life and death situations.
Angel predicts significant changes in AI over the next few years, with large language models revolutionizing software systems.

Oct 16, 2025 • 28min
Ep. 275 Securing Federal Data: The Evolution from Zero Trust to Least Permissive Trust
Sometimes, the plow must go deeper. Current approaches to Zero Trust implementation can leave gaps in security. Today, we sat down with Akamai's Mike Colson to discuss the concept of combining Identity Credential Access Management with Least Permissive Trust. Setting the stage, Mike Colson details some of the challenges in the varying kinds of Zero Trust that are being applied in the Federal Government. The standard way of implementing ICAM can result in assigning more resources than necessary, leading to permission creep and inflexible permissions.
Over-provisioning: The amount of data being created is almost impossible to manage. A person may be given access to a data set they are not permitted to see. A "just in time" permission structure would help avoid that situation.
Stale: Just because a person has access to a data set on a Tuesday does not mean he has access on a Wednesday. People can leave the workforce, be reassigned, or change roles. Access must be constantly updated.
Static: Ron Popeil made the phrase, "Set it and forget it," memorable. Unfortunately, this approach can lead to a permission structure that may limit access to key data. This may be considered under-provisioning, potentially leading to time delays in obtaining key information.
Colson took the listeners through several iterations of access control, including Role-Based Access Control and Attribute-Based Access Control. On top of these old favorites, Colson discussed what may be called Context-Based Access Control, or what he calls Least Permissive Trust. Least permissive trust is a concept Colson outlined, which uses user behavior, device health, and contextual factors to grant permission dynamically. The conclusion is simple: not all Zero Trust is created equal.

Oct 13, 2025 • 24min
Ep. 274 AI-Driven DevSecOps: Accelerating Security and Modernization in Federal IT
The impact of AI in software development in the federal government is so pervasive that, in July of 2025, the President of the United States released a White House AI Action Plan. Today, we sat down with Bob Stevens from GitLab to put this development into perspective, examine some use cases, and suggest methods that federal agencies can use to prepare for this technological shift. What precipitated the initiative is the recognition that change is occurring so rapidly in the world of software development that the federal government must adapt more quickly than in the past, or it will be vulnerable to cyberattacks. Stevens notes that the federal government has been targeting modernization, producing software faster, and being more efficient, for a decade. AI will help them get there, with some possible cost reduction. For example, in the past, a vulnerability may have taken weeks to discover. Utilizing AI allows federal software developers to reduce that discovery to minutes. That ties in with one essential element in the White House initiative: security. In fact, one of the pillars of the Action Plan is titled "Promoting Secure-by-Design AI Technologies and Applications." Stevens has been involved in federal software development for decades and thinks that a platform approach best serves the essential objectives of this Action Plan. The conversation concludes with the potential for AI to streamline government processes and improve operational efficiency. If you are interested in learning more about the economics of this approach, you can download The Economics of Software Innovations: $750 billion Opportunity at a Crossroads.


