Federal Tech Podcast: for innovators, entrepreneurs, and CEOs who want to increase reach and improve brand awareness

Connect to John Gilroy on LinkedIn   https://www.linkedin.com/in/john-gilroy/ Want to listen to other episodes? www.Federaltechpodcast.com In boardrooms across America, members are slowly starting to notice the proliferation of cyber-attacks. It is one thing to recognize the danger, quite another to do something about it. Board members may ask, how does a company’s risk profile compare to others? What is a reasonable amount of money to budget for cybersecurity? What about company growth & change? Are there tools to use to approximate risk level? Today, Ben Scudera from Fortreum jumps feet first and answers the tough questions Ben admits that financial estimates are always difficult, he suggests  a typical  spend of   ½ % - 2%  of a company’s annual budget for a typical company. If you are in a regulated environment, perhaps one like a hospital or bank, you may need to revise that estimate. Risk prioritization will have to vary based on the circumstances of each organization. Some start at a weak baseline, others can be quite safe. Even if you are secure, what happens in the future is your company acquires another? What about drastic growth in sales and plant expansion? How to keep up with new attack vectors? Ben’s goal is to provide an understanding of the threat without any scare tactics. One approach is to use a guideline from Fortreum’s Cyberfoundation  that includes eighteen metrics. This view allows leaders to prioritize remediation efforts. He highlights the importance of continuous risk management and education to combat evolving threats like ransomware and phishing attacks. Here is a link to the guidelines from Fortreum:

Ep. 264 How Automation Is Accelerating Digital Transformation Across Federal Agencies Connect to John Gilroy on LinkedIn   https://www.linkedin.com/in/john-gilroy/ Want to listen to other episodes? www.Federaltechpodcast.com In this episode of the Federal Tech Podcast, host John Gilroy interviews Nabil Amiri, Vice President of Business Development for the federal practice at NWN. The discussion introduces NWN’s expanding role in helping federal agencies adopt advanced technologies, particularly artificial intelligence (AI), as part of broader digital transformation efforts. Amiri explains NWN’s recent acquisition of Leverage Information, a move that brought deep federal experience—especially with defense, intelligence, and civilian agencies—into NWN’s already strong commercial portfolio. This merger allows NWN to deliver robust, secure IT solutions tailored to the complexities of federal requirements such as FedRAMP, STIGs, and Zero Trust. He emphasizes that innovation and compliance can—and must—coexist in the federal space. The conversation touches on the real-world challenges federal agencies face, like outdated systems, budget cuts, workforce reductions, and tool sprawl. Amiri critiques the proliferation of “single panes of glass” in IT environments, which often complicate rather than simplify operations. NWN’s strength lies in delivering visibility across systems, reducing complexity, and enabling security and automation through integrated, scalable platforms. Key themes include Zero Trust architecture, infrastructure modernization, automation, and streamlining tech procurement. NWN’s flexible acquisition pathways (e.g., via GSA and SEWP contracts) make it easier for agencies to respond quickly to crises like COVID or cyberattacks. On AI, Amiri emphasizes its role in real-time data analysis to improve visibility and prevent outages, critical for mission continuity. NWN remains vendor-neutral, working with a broad ecosystem of partners to deliver best-in-class, mission-focused outcomes. Looking ahead, Amiri confidently predicts that AI will become foundational to all federal IT strategies, driving operational resilience and transformation in the next five years. The interview sets the stage for deeper dives into emerging topics like agentic AI and cloud-native strategies in future discussions.

Ep. 263  How Microsoft Drives Cloud-Powered Transformation in Federal Agencies   Connect to John Gilroy on LinkedIn   https://www.linkedin.com/in/john-gilroy/ Want to listen to other episodes? www.Federaltechpodcast.com Microsoft has been a behemoth in the world of information technology since its founding in 1985. The only way to understand how Microsoft can impact the federal government is to take a topic like AI and conduct a thorough analysis. Today, we sat down with Wole Moses, the Chief AI Officer for Microsoft Federal. He shares his perspective on how Microsoft's innovation can help federal agencies achieve their ambitious goals. Essentially, we discuss AI's role in cyber threats, legacy infrastructure, and compliance. Moses explains that Microsoft's AI assistant, Copilot, is integrated into various products to enhance productivity. He emphasizes the importance of a strategic approach to AI, aligning projects with agency missions and goals. Moses discusses the potential of AI to modernize legacy systems and processes, improve cybersecurity, and support software developers. In AI, multimodal refers to a system that utilizes text, images, audio, and even video. He also highlights the need for multimodal AI to expand communication capabilities and the importance of compliance with frameworks like FedRAMP and NIST RMF.   Connect to John Gilroy on LinkedIn   https://www.linkedin.com/in/john-gilroy/ Want to listen to other episodes? www.Federaltechpodcast.com

Connect to John Gilroy on LinkedIn   https://www.linkedin.com/in/john-gilroy/ Want to listen to other episodes? www.Federaltechpodcast.com Today, we discuss the importance of user experience for federal websites with guests Amanda Chavez and Rishi Vajpayee from Qualtrics. The expansion covers topics such as cost savings, automation, and the impact of unstructured data on how websites provide information. COST SAVINGS Older systems in the federal government may have been designed to optimize for one function. When new administrations are elected, it is possible that alterations can be made, and the existing system can lead to inefficiency and slow data utilization. During the interview, Amanda Chavez details how a company like Qualtrics can help federal leaders understand friction points. This is especially effective when making a transition to the cloud. Bottlenecks are identified, and the remedy is provided, enabling the complete flexibility of the cloud to be leveraged. AUTOMATION Federal agencies are encouraged to do more with less. Automation can provide the solution to this challenge. Frequently, self-service channels can provide information to citizens faster and more reliably than a traditional human in a call center can. UNSTRUCTURED DATA Rishi Vajpayee discusses some of the weaknesses in how surveys about web experience have been conducted. He notes that unstructured data, such as text, email, and feedback, provides a much richer and deeper understanding of how to enhance a website's effectiveness. Qualtrics' upcoming federal summit in August aims to address these issues and improve service delivery. The Qualtrics Federal Summit event in August 2025 will discuss improving the federal website.  

Connect to John Gilroy on LinkedIn   https://www.linkedin.com/in/john-gilroy/ Want to listen to other episodes? www.Federaltechpodcast.com The current administration has a focus on reducing costs while also improving the delivery of goods and services. When it comes to handling data, innovations in code generated by artificial intelligence have enabled this remarkable goal. The challenge arises when transitioning from the data center to the hospital. " Fail early" may be a mantra for a software developer, but in a healthcare situation, it is unacceptable.   Today, we sat down with two executives from Phillips and explored the value of applying mobile technology to reduce cost and enhance patient outcomes in hospitals. Both gentlemen are military veterans, and the focus of the discussion is the Department of Veterans Affairs, which operates 170 medical centers and employs over 470,000 staff members. When examining the population of veterans, we can see that it has a wide distribution in rural areas. This can mean long trips for patients to get care. During the interview, we look at wearable devices that can provide information to physicians to help make treatment decisions. These can provide real-time health monitoring to act as an "early warning" system for patients. For example, it can detect signs of infectious diseases before symptoms appear.   Advances in machine learning and artificial intelligence enable Phillips to develop a risk score calculation that reduces exposure to vulnerable populations. Explore opportunities to further deploy Philips' remote monitoring and telehealth technologies within the VA healthcare system.

Want to listen to other episodes? www.Federaltechpodcast.com In 2018, ransomware was a quaint little cyberattack.  Suddenly, the first half of 2024 saw $459 million paid in ransomware.  Everyone is being targeted: retailers in the UK, resellers in LA, and even the federal government can be included in the target for ransomware attackers. Today, we sit down with Douglas Holland to see what role Akamai plays in preventing these rapidly proliferating attacks. One of the strengths of Akamai is its ability to handle a wide range of internet activity, as Akamai processes 11 trillion DNS queries daily.  This gives them a perfect perspective to identify troublesome sites and apply Domain Name Systems (DNS) to provide robust cybersecurity. Douglas Holland puts this situation into perspective by noting that during the COVID-19 pandemic, more and more people started using VPN technology, making systems vulnerable to phishing attacks. He notes the rise of ransomware-as-a-service and phishing-as-a-service, emphasizing the importance of employee training and education. Holland also addresses the challenges of VPNs and remote desktop security, advocating for zero-trust architectures and multi-factor authentication. The interview ends with discussing the role of AI and machine learning in Akamai's threat protection.

Everybody knows the world of technology is changing on a massive scale; in the federal community, there is a similar seismic change, but it has to do with policy, not graphics chips. In 2020, the Department of Defense aimed to ensure its suppliers had a reasonable level of cyber protection and released the first version of the Cybersecurity Maturity Model Certification (CMMC). In subsequent years, CMMC became a “nice to have” rather than a mandate. COVID-19 drastically increased the number of remote users, federal technology was moving to the edge, and malicious actors continued to expand their attacks unremittingly. As a result of this “Perfect Storm,” regulators at the DoD have gotten serious about CMMC compliance. In today’s interview, we sat down with two CMMC experts and discussed some of the challenges associated with completing the CMMC requirements. Fortreum’s Ben Scudera mentions that as many as 300,000 companies may be looking at CMMC compliance. While individual companies can read the requirements, there can be misunderstandings. For example, if a company tries to define Controlled Unclassified Information, it may cast too wide a net or too narrow a net. If they are audited, the entire concept of scoping CUI can become a holdup for certification. Early versions of CMMC allowed companies to review their capabilities and report themselves. Today’s CMMC transition is from self-attestation to external audits. These audits are challenging, with only 70 C3PAOs available to support 80,000 companies that require level 2 compliance. The process is complex, requiring detailed data scoping and significant preparation time. Companies must strike a balance between the costs and benefits of compliance, particularly for small businesses. The conversation also touches on the broader implications of CMMC for supply chain security and the potential for CMMC to evolve beyond federal contractin

Connect to John Gilroy on LinkedIn   https://www.linkedin.com/in/john-gilroy/ Want to listen to other episodes? www.Federaltechpodcast.com According to Forrester, 48% of organizations have more than one hundred tools in a typical toolchain. How many are not being used? How many duplicates are there? How many can remove abilities in other tools? When you deal with a company, they are getting paid to focus on their solution and ignore others. When you deal with a reseller, they have biases, respond to changes quickly, and understand the complexities of vendors in “swim lanes,” which can include competitors. Today, we sit down with Sam O’Daniel, the President and CEO of TVAR. The conversation ranged from selection of the correct tool to procurement and licensing models. For example, in a recent interview, Scott Rose from NIST talked about modern technology that may include IPv6. The sad news is that it prevents scanning address blocks because it cannot scan all the addresses that IPv6 covers. TVAR collaborates with numerous vendors and is familiar with the strengths and weaknesses of each. Additionally, he understands which vendors work well together and respects the concept of their “swim lanes” in the context of federal technology. A typical federal leader cannot spend five hours a day keeping up with modern technology; resellers must maintain updated knowledge, which they can provide federal agencies with a perspective that few have. The conversation also addresses the challenges of procurement and the need for tool consolidation to minimize government waste.  

Connect to John Gilroy on LinkedIn   https://www.linkedin.com/in/john-gilroy/ Want to listen to other episodes? www.Federaltechpodcast.com   Artificial Intelligence can dazzle people to the point where they lose focus on the objectives of the federal agency. In today’s interview, Adam Lurie from Knexus begins by discussing a corporate strategy that combines research and innovation with engineering. This approach has been consistent over decades of serving the federal government. One stellar example of this fusion was their success in the $919 million 10-year Supply Chain Risk Illumination Professional Tools and Services (SCRIPTS) Blanket Purchase Agreement from the GSA. One of the challenges in “applied” AI is the data itself. Often, particularly in the federal government, there are strict rules governing the handling of data. We have all heard about the encryption of data at rest and data in transit. Given this limitation, it may be challenging to establish an iterative process that optimizes security and reliability. The answer from Knexus is to use synthetic data to emulate an actual sensitive federal data set. That way, several methods can be used to rapidly identify foreign influence, monitor vendor integrity, and visualize complex risk management scenarios. This innovation enables developers to optimize the security of a supply chain, taking into account variations that incorporate modern technologies and adapt to emerging threats. A key partner in this creative approach is Google. Knexus was recently named 2025’s Google Cloud Business Application Partner of the Year for Government. Retaining security while innovating will be the key to applying AI to solve federal business needs now and in the future.  

Connect to John Gilroy on LinkedIn   https://www.linkedin.com/in/john-gilroy/ Want to listen to other episodes? www.Federaltechpodcast.com Fifteen years ago, Vivek Kundra began the “Cloud First” policy in the federal government.  It took five years for people beginning to talk about “cloud native” applications.  In other words, instead of a lift and shift to the cloud, developers could take advantage of the cloud’s capabilities resulting in increased agility, scalability, and resilience. Well, here we are in 2025, and it sure looks like the early days of cloud computing.  Lots of dazzling, but few people know how to leverage efficiency, speed, and personalization of AI. Today, we sat down with Sri Iyer, CTO and Co-founder of a company called KOVR.AI.  Finally, he presents to listeners how AI can be applied to the tedious process of federal certification. We look at the complex process of CMMC. One aspect of CMMC is CUI.  It does sound simple, but if a company over scopes or under scoped CUI it can make for difficulty in completing the certification. Further, assets are changing all the time.  How can a company provide a detailed report of its assets at a specific moment in time?  Next, the employees in a typical federal contractor are billing 40 hours a week.  Is a business owner supposed to pull people off a revenue-generating position to complete CMMC tasks? Finally, what about the companies who supply the DIB?  In a normal supply chain, more than just the company seeking CMMC is part of the puzzle. Listen to the interview to see how the innovation Sri Iyer can be applied to making the CMMC process faster and easier to document. Iyer emphasizes the importance of proper documentation and training for CUI (Controlled Unclassified Information) and offers practical advice for companies to prepare for CMMC, including creating an inventory of IT systems and vendors, and seeking expert help.