Federal Tech Podcast: for innovators, entrepreneurs, and CEOs who want to increase reach and improve brand awareness

The first part of this interview is a fascinating description of how John Kindervag produced the concept of Zero Trust. In the early days of networking, many users were described as “trusted users.”  John questioned as to why they did not take the next step and verify then. The response was classic – because it would be rude. Fast forward a few decades and we see countless breaches and billions of dollars of intellectual property lost because of fear of offending the sensitivities of users. Back to 2011. Interfaces on firewalls could have varying levels of trust associated with them; the question from John Kindervag was, “why any levels at all?” His idea of zero trust resonated in the commercial and federal marketplace. For example, an Executive Order was issued in May of 2021 mandating the adoption of zero trust for the federal government. During the interview John Kindervag presents a fascinating contrast between the attack surface and the protect surface. This is a framework to allow federal leaders to prioritize what data to protect. To gain a better understanding of how to deploy Zero Trust, The National Security Telecommunications Advisory Committee was established. It presents a five-step model and shows how to build Zero Trust  one protects surface at a time. Listen and learn about the Cloud Security Alliance and myriad ways to develop expertise in the nuances around incorporating Zero Trust into your federal network.   Mentioned in the interview:  What is Zero Trust Architeture?  https://www.illumio.com/blog/what-is-a-zero-trust-architecture  

On December 13, 2021, an Executive Order titled “Executive Order on Transforming Federal Customer Experience and Service Delivery to Rebuild Trust in Government.”   This initiative reflects the greater commercial experience. Because people are now so comfortable with transactions on a phone that customers are using sites that present as “user friendly.”   When combined with the Covid information that the federal government was presenting, the idea of improving the user experience only makes sense. Thelma Van is an articulate and experienced professional with user experience. During this interview, she takes the topic from a high level the level of the click.  The interview covers topics like infrastructure, common communication, and a focus on user needs. When it comes to defining user experience or UX, it is a formal method to evaluate functionality. In other words, how a typical user attempts to complete a task on a website. Thelma Van suggests that if agencies are interested in improving user experience, then they should start with getting as many stakeholders as possible in a room and listening to the challenges they express. Although there are tools like heat maps and speed evaluations, her experience makes her put the focus on human beings first. The federal government is going through a “digital transformation.”   Many focus on important topics like identity management, software bills of materials, and even graphics processors. This is the interview that shows listeners that software development should put primary emphasis on the people the systems are designed to serve. Follow John Gilroy on LinkedIn  https://www.linkedin.com/in/john-gilroy/ Listen to past episodes of Federal Tech Podcast  www.federaltechpodcast.com

DoD tossed the revisions to the OMB; the 300,000 people in the DIB are waiting with ‘bated breath to see what it looks like in the Federal Register. Will it be a “final” rule? Will it be an “interim” rule? The first paragraph sounds like an academic dispute in an ivory tower; that “tower talk” is particularly important for the 300,000 companies that comprise the defense industrial base. Today, sit down with Kevin Hancock from Exostar. He will give you his thoughts on this important piece of federal regulation. If you wanted to classify this transition as revolution or evolution, you would have to side with the Darwin followers. The CMMC is not anything new, this is just the next logical step. Smaller companies may earn a living as subcontractors to a large prime contractor. The large organizations are making inquiries to all their partners to see where they stand with CMMC. May are looking in the mirror and asking, where do I start? During the interview, Kevin Hancock from Exostar breaks the process down into segments that any company can understand. He explains that ten companies may have ten different sets of requirements to comply with CMMC. For example, do you have the expertise to run the requirement in-house? Even if you did, is this the optime way to use their time? Will an application from a company like Exostar be able to leverage the skill set you have in-house? Your company may just need a few templates to complete. However, you may be in a situation where you are looking at six months to complete an 18-month project. Had you started earlier, you would not have been in the situation. We all understand that CMMC was put in place to safeguard controlled unclassified information and controlled unclassified information. These are reasonable requirements, yet each person listening to this podcast may have a different journey. Exostar can help. Follow John Gilroy on LinkedIn  https://www.linkedin.com/in/john-gilroy/ Listen to past episodes of Federal Tech Podcast  www.federaltechpodcast.com  

There was a time when a “snapshot” of a federal system was taken, and its security posture was evaluated based on the moment in time. That may have been a tolerable solution when a network consisted of two dozen personal computers and a server down the hall. However, this superficial approach will not work with today’s networks in constant change. For example, data is exploding and entering systems from a wide variety of portals. Add to that the devices that deliver that tsunami of data are doubling and tripling themselves. During this interview, Jonathan Trull from Qualys gives his opinion on the state of today’s federal technology when it comes to vulnerability assessment, configuration settings management, asset management, and dynamic application security testing. He also addresses qualitative aspects of managing assets. Jonathan Trull refers to the weakness of a “checkbox” approach to managing assets. In mature systems like the federal government has today, you may discover managed and unmanaged assets. Just because you check the box on “managed” assets, this does not mean it is professionally managed; it may be poorly managed leaving a system vulnerable. Software development is all about Minimum Viable Products and frequent changes. Terrific for agile software development, however, each update means a new weakness could be introduced. Federal leaders must embrace agile methodologies and keep systems safe at the same time. This means everyone should consider dynamic security application testing as part of a prudent network safety analysis. This interview will give you a good introduction to how to keep enterprise systems safe in a world of constant change. Follow John Gilroy on LinkedIn  https://www.linkedin.com/in/john-gilroy/ Listen to past episodes of Federal Tech Podcast  www.federaltechpodcast.com      

Thousands of books have been written about agile software development since the release of The Agile Manifesto back in 2001.  It was a noble, but frustrating concept two decades ago.  They really did not have the tools to have informal teams combine to complete complicated software development projects. For example, if your team were in one building, you could meet daily and provide updates on agile topics like product backlog and continuous integration.  This face-to-face approach hit a wall when team members were remote.  Back in 2006, the founders of Bluescape saw the problem and started to develop technology that allowed professionals to accomplish the task of process management and workflow automation.  In 2011, the Scaled Agile Framework (SAFe)started releasing frameworks for assisting larger organizations deploy agile methodologies.  Bluescape works well with the principles of SAFe. During the interview, Norm Literini describes how Bluescape provides a platform to allow software to be developed in a flexible manner.  It provides common operating tools to unite sectors, this can be in software, crisis response, of cross-functional planning. Further, Bluescape is FedRAMP and IL4 / IL5 compliant so federal systems managers can rely on a system to produce software safely as well as effectively. Follow John Gilroy on LinkedIn  https://www.linkedin.com/in/john-gilroy/ Listen to past episodes of Federal Tech Podcast  www.federaltechpodcast.com          

The world is exploding with data and the need for systems to manage it.  Unfortunately, we are not seeing a commensurate growth in people who are getting trained in software development.  Let’s state the obvious:  the need for coding is driving companies to look at ways to reach project milestones creatively. Companies like Nintex offer what they classify as no code, low code solutions.  Essentially, they look at ways to systemize code creation. Let’s put this concept into perspective. In 1999 Salesforce popularized the concept of software-as-a-service.  It became the world’s largest software firm in 2022.   One could consider low code, no code as a compromise between prepackaged systems like Salesforce and companies who laboriously wrote each line of custom code.  This approach provided a reduction in development time, along with an added benefit of scalability. One weakness of custom coding is the time-consuming process it takes.  Today, we see individuals in companies jumping on “shadow IT” where they use systems that may be included in the purview of systems administrators. Speeding up projects with no code, low code acts as a deterrent to the dangerous jump to unauthorized code on networks.  During the interview, Steve Witt talks about the popularity of low code, no code in the commercial world. Many estimate that 84% of today’s enterprises turn to low code, no code. The interview includes Steve’s differentiation between Business Process Automation and Robotic Process Automation.  Furthermore, listen to the comparison Steve provides between low-code and no code systems to see what approach may benefit your agency. Follow John Gilroy on LinkedIn  https://www.linkedin.com/in/john-gilroy/ Listen to past episodes of Federal Tech Podcast  www.federaltechpodcast.com      

One of my goals in “Federal Tech Podcast” is to let federal leaders get an idea of what new companies and ideas are available to help them reach their goals. Well, everybody knows Google. This is an interview with Leigh Palmer from Google to bring to light some unknown areas of Google. Leigh provides Google's perspective on major cloud issues, like defining “cloud native” and giving her opinion on the hybrid cloud. She thinks that federal leaders should look at the success Google has had with commercial organizations. To accommodate that knowledge transfer, Google Public Sector was launched in 2022. It has gotten so popular that they now have an annual conference dedicated to the federal government called the Google Public Sector Conference. At the last conference, a couple of innovations were expanded upon. During the interview, Leigh Palmer details some of the advantages of what is called Codey. Finally, you can evaluate  code with the assurance of a company the size of Google standing behind it. https://blog.google/technology/developers/google-colab-ai-coding-features/ Recently, we have seen the OMB provide a FedRAMP draft memo seeking comments on changes to the venerable FedRAMP. We all know that FedRAMP was released ten years ago; many do not realize that this is the first change. Some of the recommendations include guidance on cloud deployments as well as a suggestion to move away from dedicated clouds. Leigh has been involved in helping federal agencies reach goals for decades. Listen to learn how agile and innovative a big company like Google can be. Follow John Gilroy on LinkedIn  https://www.linkedin.com/in/john-gilroy/ Listen to past episodes of Federal Tech Podcast  www.federaltechpodcast.com    

Ep. 114 Improving Digital Adoption for Secure Federal Technology Commercial enterprises and the federal government have a challenge in managing the tremendous tsunami of data that has been released in the past few years. On top of that, federal agencies are under an unfunded mandate to adopt Zero Trust for all its systems. During this interview, Billy Biggs from WalkMe suggests that Artificial Intelligence may provide solutions to this complex problem. He begins by addressing the concept of digital automation. For example, when a person requests time off, they may have to engage five separate systems. With automation, you can reduce that complexity. Billy Biggs looks at artificial intelligence from a longer perspective. He observes that today’s Artificial Intelligence may be the worst one will see in their life. One approach he likes to see is a focus on increasing productivity with AI on a small scale first, then raising the level of adoption. His overall message is that AI will make substantial changes and humans will have to be trained in the new applications. This process cannot be done in a traditional classroom, it must be done in a process where training is done in an environment where training is built right into the application. A true digital transformation cannot waste time, it must look at how an AI system works identify the top ten issues, and create user efficiency with that approach. That way, time is not wasted teaching people about aspects of any new application that are not pertinent.   Follow John Gilroy on Twitter @RayGilray Follow John Gilroy on LinkedIn  https://www.linkedin.com/in/john-gilroy/ Listen to past episodes of Federal Tech Podcast  www.federaltechpodcast.com    

Josh Brodbent has an amazing technical background. When he was still in his teens, he started a company that managed services. For the past twenty years, he has immersed himself in the world of technology with a particular focus on ICAM and cyber security. During today’s interview, we tapped his technical expertise to comment on some trends in cybersecurity that can impact the federal government:  the MGM hack and CISA updates. The MGM attack was a curious combination of old-school methods and artificial intelligence. According to reports, a malicious actor used a telephone call to gain access to a system. The telephone number was easy to find; the rest of the pieces of the puzzle were available through social media. This new vector launches a new portmanteau. It combines voice with phishing to yield “Vishing.”  The real talent in this attack was the convincing phone manner, with doses of urgency, which allowed the hackers to get into the MGM system. They set up some ransomware and walked away with an estimated 100 million dollars. Josh Brodbent looks at the recent announcement from CISA. To use securely developed software, they a. mandating that a higher level of officers at software companies attest to the security of the code. This may grab the attention of leaders in the “C” suite to actively comply with federal regulations. The interview ends with an examination of the complex issues federal leaders face. Josh observes that many in the commercial and federal world chase after “bright shiny objects” a can take they are off the goal. He observes that complexity does not always mean effectiveness. Listen for the MGM details and lessons to streamline your federal agency. Follow John Gilroy on Twitter @RayGilray Follow John Gilroy on LinkedIn  https://www.linkedin.com/in/john-gilroy/ Listen to past episodes of Federal Tech Podcast  www.federaltechpodcast.com      

Some will argue that providing cybersecurity to a federal agency is a balancing game. On the one hand, you must encrypt network traffic; on the other hand, you provide a mechanism where this encrypted traffic is inspected. This must be done in compliance with many regulations and not have any impact on the speed of the network. Sounds easy when a group of software developers are arguing around a white board. However, in the real world this task must be accomplished in a rapidly changing environment in the hybrid cloud. Systems are under attack daily; mountains of unstructured data bombard federal systems on an hourly basis.  These factors moves up the level of complexity. Your system must be flexible enough to give you a thorough understanding of network traffic.  Some analysts call this “Cryptographic Agility.”  Chaim Mazal from Gigamon provides the listeners with an overview of the company, Gigamon. In business since 2014, they currently work with 87% of all Fortune 100 companies. They have recently announced an offering called “Precryption.”  It gives federal leaders deeper control of the TLS layer. During the interview, Chaim outlines how Preryption can reduce cost, overhead, and overall resources in an effort at deep inspection of network data. Ian Farquar is a colleague of Chaim’s at Gigamon. He has a magnificent phrase that talks about data. He once said, “look at traffic because that is where the truth is.”  Deep observability can give federal leasers and foot up on controlling massive amounts of data. Follow John Gilroy on Twitter @RayGilray Follow John Gilroy on LinkedIn  https://www.linkedin.com/in/john-gilroy/ Listen to past episodes of Federal Tech Podcast  www.federaltechpodcast.com