Federal Tech Podcast: for innovators, entrepreneurs, and CEOs who want to increase reach and improve brand awareness

Connect to John Gilroy on LinkedIn   https://www.linkedin.com/in/john-gilroy/ Want to listen to other episodes? www.Federaltechpodcast.com How do you defend your website against an attack that can reach one hundred million requests a second? The federal government is in an unusual position: in addition to the "garden variety" attacks, such as phishing and ransomware, it is also subject to political attacks with a specific agenda. Ostensibly, they do not have financial motivation; their motivation is a political statement. Welcome to hacktivism. The tool they use is a tried-and-true, good, old-fashioned Distributed Denial of Service (DDoS) attack. If you consult your history books and shake off the dust, you will find that the first DDoS attack was recognized in 1996. Advances in cloud computing and AI have been a force multiplier for malicious actors to shut down websites. In the past, the attacker would remain anonymous; not today. Today's hacktivist often claims responsibility for the attack and publicize their demands. It has gotten to the point where DDoS attacks are available to consumers as DDoS-as-a-service. Pascal Geenes has authored an article about a particularly nasty DDoS attack, appropriately called "DieNet."  It attempts to instill doubt and chaos in a federal site. What is the defense? Pascal Geenes has identified vulnerabilities in APIs as a key attack vector. Many federal agencies are not aware of their API inventory. It is possible to scan a federal site, identify a flaw in an unused API, and leverage that knowledge to launch a DDoS attack. Radware's solutions, including AI-driven security, help mitigate these attacks quickly, reducing the mean time to resolution (MTTR). Heenan emphasizes the importance of being initiative-taking in cybersecurity. = = =

Connect to John Gilroy on LinkedIn   https://www.linkedin.com/in/john-gilroy/ Want to listen to other episodes? www.Federaltechpodcast.com Sometimes, one plus one is three. Back in 2021, McAfee’s Enterprise business merged with FireEye to form Trellix. Today, the net result is a company that generates $1.2 billion globally and $400 million in the public sector. In today’s interview, Ken Karsten details how federal leaders can use Trellix to improve cybersecurity in a federal world with rapidly increasing end points. Setting the stage, Ken Karsten reviews an Executive Order 14028  from 2021 that encouraged federal agencies to aggressively protect endpoints, sometimes called Endpoint Detection and Response. In four short years, AI has transformed the way malicious actors attack end points and the defense had to be improved. Enter, Extended Detection and response. During the interview, Ken Karsten gives listeners an overview of XDR’s continuous monitoring, advanced analytics, and rapid threat assessment and response capabilities. Advances in AI have allowed Trellix to deliver EDR and XDR capabilities at a drastically reduced cost. Topics in the discussion include Operational Technology, 5G, and Trellix’s recent DoD IL5 authorization. Provide a link to download the Trellix Cyber Threat Report.

Connect to John Gilroy on LinkedIn   https://www.linkedin.com/in/john-gilroy/ Want to listen to other episodes? www.Federaltechpodcast.com If you are a regular listener, you know that I interview tech companies to have them elucidate the ways they can help federal agencies reach goals. Today, I will pull back the curtain and sit down with an HR professional from a successful company to understand his business and how he is hiring technical staff. First, Kentro has been in business for over twenty years and has a formidable reputation for ethical and responsible assistance in federal projects. Jun Choi is the Senior Vice President of Human Capital Services at Kentro. His company focuses on digital modernization, cybersecurity, and data and AI services. During the interview, Jun Choi highlights the importance of a growth mindset, adaptability, and practical experience over formal education. The focus is on growth because nobody has a crystal ball to divine what will happen in the next five years.  If the past is prologue, Kentro will expand, but where? Procurement methods are rapidly changing along with technology itself. Many of the skills needed today were not taught in universities in the past. As a result, Jun Choi likes to discover whether a candidate has been in situations where a flexible mindset has been the key to success. He has seen college graduates with simply basic skills. Unfortunately, today’s AI can do all the basics easily. Humans need critical thinking when they understand the implications of a large language model. Choi remains optimistic about the future, predicting stabilization and innovation driven by AI.  

In this episode of the Federal Tech Podcast, host John Gilroy sits down with Vishwas Lele, CEO and co-founder of pWin.ai, and Larry Katzman, President and CEO of Applied Information Sciences (AIS), to explore how technology leaders can write smarter proposals in an increasingly complex federal landscape. The conversation dives into the current state of the government contracting industry, including how shifting policy initiatives are shaping new opportunities—and new challenges—for contractors. Larry shares firsthand insights on how AIS is adapting to these changes, the role of pWin.ai RFP tool in improving proposal efficiency and win rates, and what lessons they've learned along the way.    

Connect to John Gilroy on LinkedIn   https://www.linkedin.com/in/john-gilroy/ Want to listen to other episodes? www.Federaltechpodcast.com Years ago, the headline “Data Breach” was shocking; today, it is common. That may not be a problem for some, but the federal government maintains data stores that contain information about finances, health, and military matters. A recent report has shown that 50% of federal agencies have reported data breaches. It appears that it's time to find a solution. Today, we sat down with Blain Canavan from Thales Group to examine the usual suspects and the potential threats ahead. THE USUAL SUSPECTS:   MFA:  Protecting data can be accomplished with something as basic as phishing-resistant Multi-Factor Authentication. The first step in identity management can significantly reduce threats. Encryption: Deploying encryption can protect data at rest, in transit, and memory. Keys to the Kingdom: Little-known methods of managing the PKI system can help reduce risk in protecting data. THEAT DOWN THE ROAD: QUANTUM Now that you have checked the boxes for basic data protection, it is time to get a grasp on what lies ahead. We have read about quantum cryptography for twenty years. Today, we have pre-standardized quantum-resistant cryptographic algorithms available. One needs to take action a little sooner. During the interview, Blair Canavan highlights the proactive measures taken by the US federal government, including the implementation of PQC-safe digital signatures by 2025. The “down the road” also has a delimitation -- Blair emphasizes the urgency of replacing outdated cryptographic methods, such as RSA and ECC, by 2030 and 2035, respectively. Include the 2024 data threat report. = ==

Today, we have a pattern interrupt. Instead of a standard 25 minute interview, we will sit down with five nominees for a leadership award from Women in Technology.   Each candidate sits for a "lightning" round of eight minutes where they answer three questions about leadership and give their reason for participating in Women In Technology.   In order to see who won, you will have to visit Women In Technology.

Connect to John Gilroy on LinkedIn   https://www.linkedin.com/in/john-gilroy/ Want to listen to other episodes? www.Federaltechpodcast.com Everyone is trying to figure out how to apply AI to federal problems—essentially, building large language models and trying to wring value from them. Inevitably, many are jumping into creating LLMs from various data stores. We are right at the point where consideration is given to managing enormous data sets in the federal government, emphasizing the need for operational efficiency and security. The hard lesson learned is data in transit, which means expense. Today, we will sit down with Dr. Ellison Anne Willimas to explore the potential of privacy-enhancing technologies to enable secure and efficient data use across classification boundaries and data silos. Dr. Ellison Anne Williams suggests a solution called Privacy Enhancing Technology (PET). It is applied to data as it sits in a silo, a data lake, or whatever nomenclature is used to describe large data sets these days. PETs allow the secure and private use of data across boundaries and classifications. She explains how PETs enable AI and machine learning models to be trained and used without compromising sensitive data. The conversation also touches on the cost savings from avoiding data replication and the potential for significant operational efficiencies. Explore the potential of privacy-enhancing technologies to enable secure and efficient data use across classification boundaries and data silos.

Connect to John Gilroy on LinkedIn   https://www.linkedin.com/in/john-gilroy/ Want to listen to other episodes? www.Federaltechpodcast.com Automation is a two-edged sword. On the one hand, it promises greater efficiency; on the other hand, it can pose inherent risks, such as maliciously modified data, bias, and even data poisoning. During today’s interview, Mia Jordan from Salesforce offers a solution.  She is an experienced federal executive with a long-standing involvement in the federal technology community.  She has identified bottlenecks that can be solved with a structured approach that offers flexibility. Rather than grabbing any data set off the shelf, when the data has been curated, it can avoid many of the issues with creating specialized data sets. Secondly, a company like Salesforce may have seen similar processes and have a store of code that can solve an agency’s problem.  Re-purposing code that has worked before in a secure environment is a way to accelerate solving vexing federal issues. The conversation also highlights the importance of collaboration and community within the federal government in enhancing efficiency and service delivery. During the interview, Mia Jordan reviewed Agentforce and gave guidance on deploying a process called Role, Knowledge, Action, and Guardrails.    

Here we are in the spring of 2025, and the headline news is that the federal government is removing tech staff; at the same time, reports are coming in of thousands of unfilled cybersecurity positions across the government. Today, we sit down with a self-proclaimed “Cybersecurity Lifer” who will give the perspective of the SANS Institute on this dilemma. John Pescatore has been involved in federal cybersecurity since 1978. When he examines our current situation, he gives his opinion on training, skill level, and legislation that is being considered to address many of these issues. He mentions recent SANS studies that have suggested the issue is less about the number of openings than about finding individuals with a specific skill set required for a federal role.  He discusses the evolution of cybersecurity training from hands-on courses to community college programs and the importance of practical experience. Pescatore also discusses AI's role in cybersecurity, noting its limitations and the need for domain expertise. He emphasizes the importance of rotating staff roles and providing continuous training to retain talent in federal agencies.

Connect to John Gilroy on LinkedIn   https://www.linkedin.com/in/john-gilroy/ Want to listen to other episodes? www.Federaltechpodcast.com GitLab has been around for ten years and has garnered a reputation for helping federal agencies ensure compliance with stringent government standards. Today, we sat down with Joel Krooswick from GitLab to discuss some top-of-mind topics for the software development community: Agentic AI and the implications of applying AI to software development. Joel Krooswick explains that Agentic AI acts as unit taskers, managing specific tasks exceptionally well, such as code creation and refactoring. He emphasizes the importance of contextual awareness and security protocols to prevent malicious attacks. In a play of words, it was suggested that "artificial" Intelligence may be replaced by "augmented" Intelligence—GitLab's role in augmenting, not replacing, developers, and the need for real-time compliance checks. They also touch on the cultural shift required to adapt to AI's advancements, ensuring human value remains central in the workforce. Joel will speak at the Gartner Security & Risk Management and AWS Public Sector Summit in the Washington, DC, area on June 10-11.