

Federal Tech Podcast: for innovators, entrepreneurs, and CEOs who want to increase reach and improve brand awareness
John Gilroy
The federal government spends $90 billion on technology every year.
If you are a tech innovator and want to expand your share of the market, this is the podcast for you to find new opportunities for growth.
Every week, Federal Tech Podcast sits down with successful innovators who have solved complex computer system problems for federal agencies. They cover topics like Artificial Intelligence, Zero Trust, and the Hybrid Cloud. You can listen to the technical issues that concern federal agencies to see if your company's capabilities can fit.
The moderator, John Gilroy, is an award-winning lecturer at Georgetown University and has recorded over 1,000 interviews. His interviews are humorous and entertaining despite handling a serious topic.
The podcast answers questions like . . .
How can software companies work with the federal government?
What are federal business opportunities?
Who are the cloud providers who work with the federal government?
Should I partner with a federal technology contractor?
What is a federal reseller?
Connect to John Gilroy on LinkedIn
https://www.linkedin.com/in/john-gilroy/
Want to listen to other episodes?
www.Federaltechpodcast.com
Episodes

Jan 22, 2026 • 20min
Ep. 296 Securing the Federal Software Supply Chain: Why SBOMs aren't enough
One of the biggest trends in software development over the past 10 years is the shift from writing code to "assembling" code from off-the-shelf components. During today's interview with Javed Hasan from Lineaje, we learned that 70% of that pre-assembled code is open source. In other words, an anonymous person in some country modified the software instructions. This casual approach may be fine for small businesses, but an organization like the federal government must be highly cautious. Hasan describes how his company was one of the first to work with the federal government to set standards for this existing code. These initial efforts began ten years ago and resulted in Executive Order #14028, which requires a Software Bill of Materials for any organization selling to the federal government. This initiative expanded in 2021-2022 when NIST published related guidelines. These efforts are a good start. However, federal leaders must evaluate SBOM technology from many perspectives. For example, how to incorporate this mandate into air-gapped networks, legacy COTS, or even in a classified environment. System administrators also need to know if they are exposed. Further, every organization has a varying definition of what "deep software transparency" is. Hasan also discusses Lineaje's innovative approach to creating "Gold open source" software, ensuring it is free of malware and vulnerabilities. If you are interested in seeing a demonstration of how Lineaje can help with software forensics, there is an event at the Carahsoft office in Reston, Virginia, on January 30.

Jan 20, 2026 • 19min
Ep. 295 AWS leadership
In the past 10 years, Amazon Web Services has gone from a niche player in the federal government to being responsible for billions in sales. One key aspect of this is how Amazon integrates leadership with innovation to address complex federal requirements. Today, we sit down with Andrew Christian to get an overview of concepts like customer obsession, working backwards, and the sixteen leadership principles that AWS implements to accomplish that drastic growth.
ONE: Customer focus
In the commercial marketplace, the concept of being "customer-focused" is certainly not breaking news. However, as Christian explains, AWS tries to understand (almost obsessively) what the requirements are for federal systems. No, technically, they are not "customers," but they are the end users for any technology project. This focus has given AWS remarkable success in the commercial world, and when they apply it to federal technology, they can succeed where others have failed.
TWO: Working backwards
Christian explains that "working backwards" is a concept where a team is forced to write a mock press release and FAQ for a future project. This is before they build anything. This helps to clarify the customers' needs by identifying gaps early.
THREE: Encouraging innovations
Many describe innovation as failing fast, then recovering. That may hold up in a commercial application where lives are not at stake. During the interview, Andrew Christian differentiates between the importance of making quick, reversible decisions (two-way doors) versus long-term, impactful ones (one-way doors). He encourages federal agencies to adopt these principles to enhance their innovation and adapt to a world of constantly changing technology.
Jan 15, 2026 • 22min
Ep. 294 From Defense to Offense: Proactive Strategies to Protect Federal Data
One famous cartoon featured two vultures sitting on a fence; one turned to the other and said, "I am sick of waiting, let's kill something." When it comes to preventing cyberattacks, the federal government is well known for a defensive approach. They have security systems, air gap systems, and even a zero-trust approach. This defensive approach is essential but may not give the federal government a complete view of how to protect data. Today, we sat down with Chris Jones, Nightwing's Chief Technical Officer. He outlines some of the characteristics of a concept called "offense informs defense." This is a method that Nightwing has developed through over 40 years of working with federal technology leaders. For example, they developed their Counter Trace service, which uses offensive cyber strategies to defend critical infrastructure. The service involves proactively hunting for vulnerabilities, identifying access points, and analyzing digital evidence to expose cyberattacks. During the interview, Jones mentions that the GSA has received this approach well. In fact, Nightwing recently won all six GSA Highly Adaptive Security Services categories. These handle security aspects like Penetration Testing, Incident Response, Risk Assessments, Cyber Hunt, and High Value Asset Assessments. Jones emphasizes the importance of initiative-taking, cybersecurity, AI integration, and collaboration across agencies to adapt to protect federal data.
Jan 13, 2026 • 23min
Ep. 293 Predictions for 2026 from GitLab
Today, we have an experienced tech veteran, Bob Stevens from GitLab, offering insights on how he sees the federal government overcoming three main technology challenges in 2026.
Challenge ONE: Software improvement on scale.
Stevens observed that everyone has seen AI's ability to review code. It has passed the basic phase, and now, in 2026, it can not only review code but also identify security vulnerabilities, ensure compliance, and even generate documentation. This means that older, expensive-to-maintain systems can be transitioned to more flexible, economical cloud models.
Challenge TWO: Going away from reacting.
The word "continuous" has been the goal for cyber defenders for the past several years. Fortunately, AI is allowing that noble goal to be put into practice. When applied appropriately, newer technology can achieve lower breach rates and faster threat response times.
Challenge THREE: Emergence of a "universal" developer.
Traditionally, requirements would be gathered by an intermediary and then translated into instructions for software developers. Stevens shows how newer AI-based approaches can eliminate that intermediary step. In other words, a pilot can precisely describe what they want in an avionics system, and the developers can work from that description. That means solving domain-specific problems with traditional development skills. Ideally, subject matter experts directly translate their knowledge into functional software systems. Some call this the "universal" developer approach. Stevens emphasized the importance of AI, security, and flexibility for future developers. GitLab's DevSecOps platform integrates AI across the entire software development process.
Jan 8, 2026 • 21min
Ep. 292 From Detection to Prevention: Using Technology to Reduce Fraud in Federal Programs
(We recorded this interview at Monk's BBQ in lovely downtown Purcellville, VA)
Defrauding the federal government is like the weather; everyone wants to complain, but nobody can do anything about it. For example, a joint DOL-SBA report from December 2024 revealed $2.3 billion in potentially fraudulent payments. Today, we sat down with Jeff Gallimore from Excella, where he will diagnose the problem of federal waste, fraud, and abuse. From there, he presents a solution that has already saved millions of dollars.
The problem: too many silos
From a data management perspective, most enterprise computational capabilities evolved through a federated approach. From a historical perspective, it makes sense that each agency would have its own computers and storage. It makes sense that individual data stores in this environment would be separated, or perhaps the word "siloed", into distinct areas. Now, if you have one silo, you can protect it; if you have a thousand, then there is a problem. During the interview, Gallimore mentioned an agency that manages 9,000 grants. That is a lot of data to coordinate when it is stored in its "silos."
The solution: gap analysis
Silos can be secure, but the architecture can allow for gaps in security coverage. These gaps, or seams, can allow fraudsters to exploit this structure. For example, an agency may have a division that has identified a person as a fraudster. If that information is not shared, this person can use the same exploit on another area of the agency. Further, interlinks between federated systems can allow adversaries to gain access. Excella has a profile of how they have managed to fill in the gaps in siloed data architecture.
Jan 6, 2026 • 24min
Ep. 291 Compliance Without the Bottleneck: Zero Trust in Federal Clouds
When cloud computing was introduced, it was quite a simple concept: leverage other people's hardware to scale easily. Not too much to manage. However, today's cloud world has metastasized. Today, federal leaders live in a world of on-prem, multiple clouds, private clouds, hybrid clouds, and even sovereign clouds. Complications arise when they are burdened with compliance requirements and staff reductions. Today, we sat down with Ryan McArthur from Zscaler to discuss how to effectively manage a cloud environment when challenged with deploying Zero Trust. He begins by sharing his experience helping federal leaders understand the inherent risks of the VPN system. Few realize that VPN technology was first introduced by Microsoft back in 1996, and then popularized with Windows 4.0, which included built-in support. Thirty-year-old technology can present severe limitations. Unfortunately, the popularity of VPN technology increased with the demands of remote computing during COVID. We are now in a situation where many enterprises have built their architecture on this dated technology. Ryan mentions that one key to juggling clouds is to focus on the applications themselves. He emphasized Zscaler's ability to securely connect users. If you want more information about Zscaler, you should attend the Zscaler Public Sector Summit in March, where you can discuss and collaborate further.

Dec 16, 2025 • 26min
Ep. 290 AI + Zero Trust: The New Line of Defense for Federal Data
We are at the point where AI is almost expected in any technology offering. Today, we sat down with John Kindervag from Illumio to learn how AI can be applied to the world of federal Zero Trust. Some have characterized today's current cybersecurity situation as an arms race; some call it a whack-a-mole game. An innovative technology, such as AI, becomes popularized, and adversaries use it to improve attacks. As a result, the defenders of data must bolster their response, and they, in turn, use AI to defend. He highlights the importance of visibility, using AI to quickly parse logs, and the concept of dwell time, in which attackers can remain undetected for extended periods. To protect valuable data, Kindervag distinguishes between the attack surface and the defense surface. Although a malicious actor can instigate AI-driven attacks across any surface, sensitive information can be protected by thorough segmentation of the protected surface. During the interview, Kindervag provides tactics to manage legacy technology, fragmented data, and the critical topic of risk-averse culture.

Dec 11, 2025 • 21min
Ep. 289 How Microsegmentation and Zero Trust Protect Federal Data from Modern Threats
It is rare to see AI applied to federal cybersecurity mandates. However, today, we will sit down with Louis Eichenbaum from ColorTokens. He will unpack the concept of using AI to help federal leaders improve their ability to implement microsegmentation. We all know about Executive Order 14028 and the OMB Memo M-22-09, which are forcing federal agencies to deploy a robust Zero Trust framework. The key components include identity and access management, asset management, continuous monitoring, and microsegmentation. During the interview, Louis Eichenbaum expands on current challenges like legacy systems and visibility. For example, what happens once a malicious actor breaches a federal system? Some call this east-west traffic. The general response is to prioritize and segment data so the intruder is denied access. This concept looks good on paper, but in the real world, leaders encounter some issues. First, how can they know exactly what is on their network? This is perplexing in environments where endpoints are in areas that cannot be upgraded. Further, the move to a hybrid cloud offers varying levels of data segmentation. One system administrator may be competent with a specific cloud service provider but does not know all the details of another company. This skills gap can lead to coverage gaps and opportunities for attack. The solution Eichenbaum suggests is to leverage AI to improve visibility and give leaders ways to prioritize datasets into appropriate microsegments.

Dec 10, 2025 • 23min
Ep. 288 Is Federal Data Ready for the Post-Quantum Era?
In the world of federal technology, we are being deluged with so much information about Artificial Intelligence that we may not see some of the other technologies that may have as great an impact as AI. The White House, the OMB (M-23-02), and the Office of the National Cyber Director have made it clear that the time to prepare for post-quantum cryptography is now. Agencies are required to inventory cryptographic systems, prioritize high-value assets, and build migration plans in line with NIST standards. Today, we sit down with Eric Hay from Quantum Xchange to look at making this transition. During the interview, Hay handles issues like technology, operations, and appropriate strategy. He highlights the role of NIST in developing and approving new post-quantum cryptography (PQC) algorithms like ML-KEM. Eric explains the five-step process for transitioning to these new standards: discovery, prioritization, deployment, monitoring, and management. Rather than spending time evaluating algorithms, Eric Hay stresses the importance of a network-centric approach, suggesting that agencies focus on securing data transport first. Eric predicts Q day, when current encryption methods could be compromised, within 3-5 years, with some European partners aiming for 2029.

Dec 9, 2025 • 23min
Ep. 287 Protecting Federal Data with Zero Trust Architecture and the Enterprise Browser
When John Kindervag began the concept of Zero Trust, he probably did not realize the impact it would have on the technological community. Today, we look at the federal government and Zero Trust implementation from 40,000 feet. Kindervag will opine on topics such as browser security, the importance of data, and operational technology. Instead of using his technical knowledge as a cudgel, Kindervag reinforces the importance of a balanced approach in which federal leaders consider both technological and behavioral aspects of implementing Zero Trust. People with a basic understanding of Zero Trust can disregard the importance of data; he calls it the 'protect surface'. This involves identifying and securing the smallest space within the network, as well as the entire network itself. One missing link in the move to Zero Trust is Operational Technology. When looking at the Department of War, it has assets deployed all over the world. They have thousands of sensors that may or may not be part of a network. Kindervag suggests that when you have a protected surface that is a critical asset, which means it can be included in data sets. The interview ended with comments regarding the challenges of implementing zero trust, particularly the need for strong leadership and the potential of AI to enhance cybersecurity measures, while acknowledging the complexities of data classification and the evolving threat landscape.


