Federal Tech Podcast: for innovators, entrepreneurs, and CEOs who want to increase reach and improve brand awareness

Want to listen to other episodes? www.Federaltechpodcast.com In 2018, ransomware was a quaint little cyberattack.  Suddenly, the first half of 2024 saw $459 million paid in ransomware.  Everyone is being targeted: retailers in the UK, resellers in LA, and even the federal government can be included in the target for ransomware attackers. Today, we sit down with Douglas Holland to see what role Akamai plays in preventing these rapidly proliferating attacks. One of the strengths of Akamai is its ability to handle a wide range of internet activity, as Akamai processes 11 trillion DNS queries daily.  This gives them a perfect perspective to identify troublesome sites and apply Domain Name Systems (DNS) to provide robust cybersecurity. Douglas Holland puts this situation into perspective by noting that during the COVID-19 pandemic, more and more people started using VPN technology, making systems vulnerable to phishing attacks. He notes the rise of ransomware-as-a-service and phishing-as-a-service, emphasizing the importance of employee training and education. Holland also addresses the challenges of VPNs and remote desktop security, advocating for zero-trust architectures and multi-factor authentication. The interview ends with discussing the role of AI and machine learning in Akamai's threat protection.

Everybody knows the world of technology is changing on a massive scale; in the federal community, there is a similar seismic change, but it has to do with policy, not graphics chips. In 2020, the Department of Defense aimed to ensure its suppliers had a reasonable level of cyber protection and released the first version of the Cybersecurity Maturity Model Certification (CMMC). In subsequent years, CMMC became a “nice to have” rather than a mandate. COVID-19 drastically increased the number of remote users, federal technology was moving to the edge, and malicious actors continued to expand their attacks unremittingly. As a result of this “Perfect Storm,” regulators at the DoD have gotten serious about CMMC compliance. In today’s interview, we sat down with two CMMC experts and discussed some of the challenges associated with completing the CMMC requirements. Fortreum’s Ben Scudera mentions that as many as 300,000 companies may be looking at CMMC compliance. While individual companies can read the requirements, there can be misunderstandings. For example, if a company tries to define Controlled Unclassified Information, it may cast too wide a net or too narrow a net. If they are audited, the entire concept of scoping CUI can become a holdup for certification. Early versions of CMMC allowed companies to review their capabilities and report themselves. Today’s CMMC transition is from self-attestation to external audits. These audits are challenging, with only 70 C3PAOs available to support 80,000 companies that require level 2 compliance. The process is complex, requiring detailed data scoping and significant preparation time. Companies must strike a balance between the costs and benefits of compliance, particularly for small businesses. The conversation also touches on the broader implications of CMMC for supply chain security and the potential for CMMC to evolve beyond federal contractin

Connect to John Gilroy on LinkedIn   https://www.linkedin.com/in/john-gilroy/ Want to listen to other episodes? www.Federaltechpodcast.com According to Forrester, 48% of organizations have more than one hundred tools in a typical toolchain. How many are not being used? How many duplicates are there? How many can remove abilities in other tools? When you deal with a company, they are getting paid to focus on their solution and ignore others. When you deal with a reseller, they have biases, respond to changes quickly, and understand the complexities of vendors in “swim lanes,” which can include competitors. Today, we sit down with Sam O’Daniel, the President and CEO of TVAR. The conversation ranged from selection of the correct tool to procurement and licensing models. For example, in a recent interview, Scott Rose from NIST talked about modern technology that may include IPv6. The sad news is that it prevents scanning address blocks because it cannot scan all the addresses that IPv6 covers. TVAR collaborates with numerous vendors and is familiar with the strengths and weaknesses of each. Additionally, he understands which vendors work well together and respects the concept of their “swim lanes” in the context of federal technology. A typical federal leader cannot spend five hours a day keeping up with modern technology; resellers must maintain updated knowledge, which they can provide federal agencies with a perspective that few have. The conversation also addresses the challenges of procurement and the need for tool consolidation to minimize government waste.  

Connect to John Gilroy on LinkedIn   https://www.linkedin.com/in/john-gilroy/ Want to listen to other episodes? www.Federaltechpodcast.com   Artificial Intelligence can dazzle people to the point where they lose focus on the objectives of the federal agency. In today’s interview, Adam Lurie from Knexus begins by discussing a corporate strategy that combines research and innovation with engineering. This approach has been consistent over decades of serving the federal government. One stellar example of this fusion was their success in the $919 million 10-year Supply Chain Risk Illumination Professional Tools and Services (SCRIPTS) Blanket Purchase Agreement from the GSA. One of the challenges in “applied” AI is the data itself. Often, particularly in the federal government, there are strict rules governing the handling of data. We have all heard about the encryption of data at rest and data in transit. Given this limitation, it may be challenging to establish an iterative process that optimizes security and reliability. The answer from Knexus is to use synthetic data to emulate an actual sensitive federal data set. That way, several methods can be used to rapidly identify foreign influence, monitor vendor integrity, and visualize complex risk management scenarios. This innovation enables developers to optimize the security of a supply chain, taking into account variations that incorporate modern technologies and adapt to emerging threats. A key partner in this creative approach is Google. Knexus was recently named 2025’s Google Cloud Business Application Partner of the Year for Government. Retaining security while innovating will be the key to applying AI to solve federal business needs now and in the future.  

Connect to John Gilroy on LinkedIn   https://www.linkedin.com/in/john-gilroy/ Want to listen to other episodes? www.Federaltechpodcast.com Fifteen years ago, Vivek Kundra began the “Cloud First” policy in the federal government.  It took five years for people beginning to talk about “cloud native” applications.  In other words, instead of a lift and shift to the cloud, developers could take advantage of the cloud’s capabilities resulting in increased agility, scalability, and resilience. Well, here we are in 2025, and it sure looks like the early days of cloud computing.  Lots of dazzling, but few people know how to leverage efficiency, speed, and personalization of AI. Today, we sat down with Sri Iyer, CTO and Co-founder of a company called KOVR.AI.  Finally, he presents to listeners how AI can be applied to the tedious process of federal certification. We look at the complex process of CMMC. One aspect of CMMC is CUI.  It does sound simple, but if a company over scopes or under scoped CUI it can make for difficulty in completing the certification. Further, assets are changing all the time.  How can a company provide a detailed report of its assets at a specific moment in time?  Next, the employees in a typical federal contractor are billing 40 hours a week.  Is a business owner supposed to pull people off a revenue-generating position to complete CMMC tasks? Finally, what about the companies who supply the DIB?  In a normal supply chain, more than just the company seeking CMMC is part of the puzzle. Listen to the interview to see how the innovation Sri Iyer can be applied to making the CMMC process faster and easier to document. Iyer emphasizes the importance of proper documentation and training for CUI (Controlled Unclassified Information) and offers practical advice for companies to prepare for CMMC, including creating an inventory of IT systems and vendors, and seeking expert help.

Connect to John Gilroy on LinkedIn   https://www.linkedin.com/in/john-gilroy/ Want to listen to other episodes? www.Federaltechpodcast.com Zebra Technologies is the best-kept secret in town. The reason is simple: Zebra Technology has been in business for 55 years and has achieved an impressive amount of success in the commercial world. Jan states that 80% of Fortune 500 companies rely on Zebra for asset tracking. Yet, if one were to walk through a federal technology trade show, one would never identify Zebra. In today’s interview, we focused on how Zebra Technologies has had a relentless focus on replacing pen-and-paper systems with modern technology. One unexpected benefit of streamlining asset tracking is the reduction in time to prepare reports. Jan Ruderman states that audit preparation can be reduced from eight hours to twenty minutes. Federal technology leaders are drowning in data, much of which is generated by devices such as Operational Technology under the control of Information Technology. Logistics management is the only way to get control of a rapidly changing system. The real lesson is an application of commercial success to the needs of a federal government that is increasingly operating at the edge.

Seventy percent of the world's internet traffic goes through Ashburn, Virginia. That fact has led to the growth of over five hundred data centers in Northern Virginia. Today, we sat down with one of those companies to examine its data centers and its relationship with the federal government. John Reynolds is the Director of QTS Federal. He has decades of experience in federal technology and provides the listener with an overview of QTS's origins, its values, and recent growth. He views the data center business as a real estate endeavor. Land is acquired, a facility is constructed, and it has occupants. A company like Amazon Web Services have their dedicated data centers; QTS can house several different customers. We do not know the specific names; we can assume they are as large as Facebook and encompass federal agencies of all types. Facebook may require one set of standards when it comes to security, and the NIST provides guidelines for federal data protection, which QTS includes as part of its compliance. The company participates in the community and understands the impact of energy requirements and cooling for local communities. John Reynolds highlights the importance of resilience with multi-layered power redundancy and advanced energy contracts. QTS is also expanding into Europe and exploring alternative power sources due to grid limitations.

Connect to John Gilroy on LinkedIn   https://www.linkedin.com/in/john-gilroy/ Want to listen to other episodes? www.Federaltechpodcast.com There is a whirlwind of change in federal technology. For example, Federal News Network has reported that 25% of the IRS technology staff have left. Additionally, funding has been reduced, data stores are increasing, and we are all trying to understand the impact of Artificial Intelligence. Today, we sat down with Phoebe Nerdahl and Sayed Said from SNYK. They offer solutions to address the challenges of changing technology in this environment. The approach from SNYK is to start at the beginning of the code development process, what is called a shift left. They discussed the need for a secure framework for AI adoption, leveraging Snyk's proprietary database and security research team to enhance code security. The conversation also touches on the evolving definition of AI and its integration into various applications. Snyk's AI Trust Platform aims to protect against insecure AI-generated code, emphasizing continuous security monitoring and automation. They have a vulnerability database, which enables them to review code for potential issues. Further, their platform can automate this needed remediation.

Connect to John Gilroy on LinkedIn   https://www.linkedin.com/in/john-gilroy/ Want to listen to other episodes? www.Federaltechpodcast.com Gregory Garrett, Chief Operating Officer at REI Systems, discussed digital transformation and innovation at the AWS summit in Washington, DC.  He has a fascinating background that includes a career as a fighter pilot, the publication of twenty-four books, and guest lecturing at Georgetown University. The stated goal of today's administration is to reduce costs and eliminate waste. Today's aging systems are prime candidates for innovation. Unfortunately, there is no "innovation" button that a federal leader can press to have a variety of suggestions at their fingertips, allowing them to choose the best alternatives for improvement. He has applied all this experience in dealing with talented software developers by organizing a competition for new ideas. It is REI's "REI Innovation Competition," which generated over 100 white papers and led to a proof of concept for government agencies. From REI's perspective, digital modernization must address issues such as legacy systems, code revision, and improved code documentation. As a case in point, Gregory Garrett reviews the success REI has had in the federal grants management program. During the interview, he delves into topics such as quantum computing and interoperability. Listen to the perspective of a digital leader who can extract innovation and leadership out of highly skilled software professionals.  

Connect to John Gilroy on LinkedIn   https://www.linkedin.com/in/john-gilroy/ Want to listen to other episodes? www.Federaltechpodcast.com Many of today’s archaic federal systems have been built over decades. As a result, they are perfected but also fragile. One obvious source of vulnerability is the workforce that created it. It is hard to believe that COBOL was released in 1960 and is still active in some federal systems. The individuals who developed the code for these systems are now long past retirement age. Some code was accurately documented, and some were not. As a result, the process of transferring to a newer environment is fraught with concern. Until AI, the only way to understand the underlying code was for a human being to review it line by line. Everyone realized that this process was so tedious and time-consuming that an informal policy emerged, essentially patching the system. They kicked the can down the road for the next generation. Well, AI is her. It has the unique ability to review code, identify problems, and provide solutions quickly. This will drastically reduce the risk of moving antiquated systems from aging code systems. Today, we sat down with Kartik Mecheri from Karsun Solutions and Alan Thomas, former Commissioner of GSA FAS. During the interview, they offered suggestions on how best to accomplish the challenging task of digital modernization. Kartik emphasizes the value of a platform like ReDuX. Utilizing Amazon’s Bedrock, ReDuX allows system developers to create a blueprint for the existing system. When combined with humans, this platform will save money on maintaining older systems and bring much-needed flexibility to new applications. Listen to learn how Karsun Solutions can reduce costs, increase flexibility, and improve efficiency in the process of digital modernization. The conversation also touched on the challenges of mission-critical systems, the role of AI in reducing risk, and the evolving job market, suggesting a shift towards strategic and innovative roles.