Federal Tech Podcast: for innovators, entrepreneurs, and CEOs who want to increase reach and improve brand awareness

John Gilroy
Feb 29, 2024 • 25min

Ep. 134 Is Automation, branching logic, and optimizing paths

An American poet once wrote about reaching a fork in the road and considering which path to take. When one considers branching logic and automation in complex technical systems, a lot of thought is given to which path to take. There may be lessons to be learned from Robert Frost's 25-line masterpiece. Today's discussion is with Thomas Kinsella, Chief Customer Officer and Co-founder of a company that focuses on improving automation. It is appropriately called Tines. Thomas Kinsella was asked to discuss a typical day in the life of a person working in a Security Operations Center, or SOC. He describes it as a plethora of alerts, new data, and disjointed tools. His description of the SOC was kind of like One Day in the Life of Ivan Denisovich by Aleksandr Solzhenitsyn. The story is almost as monotonous as a Soviet-era gulag, although the remuneration may be slightly higher. Thomas Kinsella describes issues with alert fatigue, the difficulty of finding good staff, and incompatible systems that create duplicative work. He and his co-founder decided to come up with a better solution, so they founded Tines. During the interview, Thomas Kinsella describes how they have been able to use technology to assemble data from a variety of sources. This was to address alert fatigue: if an incident was possibly confirmed, then it should be pursued. Secondly, the way to address the staff shortage was to design a visually based system so that an untrained individual could drag and drop actions into a sequence. In fact, Tines provides what he calls playbooks for many scenarios in a secure environment. The result is a Security Orchestration, Automation and Response system that is easy to use, scalable, and doesn't need the expertise of a Ph.D. in computer science. For more on Tines, please read the blog "Cybersecurity in 2024: Five Predictions from our co-founders."

What's your score?
Take the Podcast Appearance Scorecard www.podscorecard.com Connect to John Gilroy on LinkedIn https://www.linkedin.com/in/john-gilroy/ Got goin' to Mars on your bucket list? Listen to Constellations Podcast https://www.kratosdefense.com/constellations/podcasts Want to listen to other technology podcasts? www.Federaltechpodcast.com
Feb 27, 2024 • 21min

Ep. 133 Champions of innovation instead of captives of compliance?

Today we sit down with Susan Kidd and Valinder Mangat and discuss FedRAMP. Some will argue that FedRAMP is an unruly thirteen-year-old. Although FedRAMP has authorized over three hundred public service cloud providers, there is much work to be done. For example, Valinder Mangat opens the discussion by noting that we have approximately five hundred applications in the pipeline. We have a situation where manually reviewing compliance is going to be too difficult. As a result, FedRAMP is making changes. They are starting to automate the process, causing companies to become familiar with a new acronym: Open Security Controls Assessment Language, or OSCAL. During the interview, Susan Kidd reviews her philosophy that ties into understanding OSCAL. It has been her experience that there is a limit to working hard; the best results are accomplished when one takes advantage of automation and can work smart. To that end, Susan Kidd launched something called Idea Labs, an initiative that can assist federal agencies in modernizing their automation processes using OSCAL. Today's compliance is not just a check-box item. In the interview, Valinder Mangat details aspects of software development. There was a time when code was released and approved, like a snapshot. Today, there is a continuous improvement model in effect along with continuous testing. The only way to accomplish that is to leverage technologies like OSCAL to keep up with changes in threat actors and best practices for handling mountains of data. Valinder Mangat has a nice summary of this consideration: champions of innovation instead of captives of compliance. In other words, technology can be leveraged so a company does not take six months to get approved. OSCAL puts tools into the hands of federal leaders faster. More details about the IdeaLab at DRTConfidence.

Feb 22, 2024 • 23min

Ep. 132 Enhancing Collaboration in Federal Systems

If you were to take a class in Data Management 101, you would walk into the classroom on the first day and be bombarded with terms like data lake, data warehouse, and data mart. Phew. Where to begin? Let us jump to a federal agency. They are being deluged with data from low-code and no-code tools, big application platforms, and, let us not forget, legacy applications that are not in the cloud. How to manage this ball of data confusion? Once it is overseen, how can an agency share information with outsiders to allow for data collaboration? We begin today with a solution offered by a company called Snowflake. Winston Chang suggests that if you can take advantage of a single platform, you can abstract the data layer, which allows you to manage the data more effectively. OK. Now that we can look across data sets, we encounter the problem of what eyes get to see. Who gets to see what columns and rows and who does not? Winston Chang suggests that a data platform will enhance collaboration by allowing leaders to decide which information, or parts of information, will be available to which parties. During the interview, Winston makes some provocative statements. He argues that if we want to focus on infrastructure, then the data itself must be considered as the infrastructure. If this discussion provokes a need for more detailed information, you may want to consider attending the "Data for Breakfast" conference on March 7, 2024, at Tyson's Corner Ritz Carlton. You can question experts from Snowflake on topics as varied as artificial intelligence and managing data as a platform.

Feb 20, 2024 • 19min

Ep. 131 Exploring and Understanding Data

A recent study by Deloitte indicates that 67% of executives struggle with data analytics. The knight in shining armor that offers a rescue is artificial intelligence. Today's interview pours the promise of artificial intelligence into both ends of the spectrum: qualifying data sets that are being used and, subsequently, producing explainable results. The headline overview of artificial intelligence involves writing a report by ChatGPT. Although that may be true, the article will be derivative and will not move the ball intellectually. You will hear Kyle Rice discuss how Virtualitics can use artificial intelligence methods to look at data sets that are being investigated. Once those libraries are produced, they can then use artificial intelligence to draw conclusions. When analysis is approached from that point, you eliminate the guess-and-test method. That is to say, there is a good chance that the hypotheses that are created by humans. In other words, you will not spend precious time trying to answer the wrong questions. Virtualitics posits that a rational way to generate data sets can give users the ability to form elusive data-derived decisions. During the interview, Kyle describes the approach as "intelligent data exploration." The added value of this approach is defensibility. For example, if a data scientist produces a conclusion, their sources can be questioned. Instead of pointing to a black box in the corner, a team can produce explainable artificial intelligence. Interested in reading more from Virtualitics? See "Why AI's Success Depends on Making it More Explainable and Conversational."

Feb 15, 2024 • 20min

Ep. 130 Reducing Risk in the Hybrid Cloud through Identification

We begin this episode with a shocking statistic: 80% of hybrid cloud breaches involve credential abuse. During the interview, Jimmy McNary from Semperis unpacks the whole concept of protecting identities in the hybrid cloud. The interview covers a wide range of topics. First, we start by taking a view of how large systems have evolved. Larger systems tend to have two or more identity processes, and Active Directory from Microsoft has a 90% share of that overall market. Secondly, some identity systems can use outdated Identity and Access Management systems. Thirdly, we have employees and contractors who enter and leave systems. This can produce confusion in de-provisioning access. Putting all three together produces a perfect storm for malicious actors. They can use tools to scan systems for vulnerabilities in, for example, identification processes, and set up an attack. Semperis uses Active Directory as the starting point to orchestrate identification. They can stop malicious actors before they attack, during the attack, and help post-attack. In a poignant example, Jimmy McNary relates the story that some organizations spend significant amounts of money on backups, including immutable backups. Unfortunately, they forget about backing up Active Directory. We know that it is likely the attack vector included Active Directory, but it is not protected. This is a scenario where the system is restored, and the malicious actor has retained credentials that allow him back into the system. Jimmy McNary provides practical tips to avoid these frustrating situations.

Feb 13, 2024 • 23min

Ep. 129 Bringing data to the hands of federal officers on the front line

The title of this podcast is "Federal Tech Podcast." For many people, this evokes an image of stacks and stacks of servers in a windowless data center. Today's interview shows listeners how that data can be unlocked and put in the hands of front-line officers, whether they are federal or civilian. Bob Griffin from Siren has been involved in bringing data to online operators for decades. During the interview, he presents a challenge that many encounter. In one example he gives, a person drives up to a warehouse in the middle of the night and sees an unexpected car. The idea is to get as much information as you can in front of the officer. In years gone by, this has been done with desktop computers. An officer may have to communicate with an office where someone may run a search. There is no doubt that this is an effective method. Siren has been the leader in the unique ability to look at various data silos and search them for salient information. In this interview, Siren announced a breakthrough that takes the traditional ability of a desktop and puts it on a mobile device in the hand of the officer. Finally, time is not wasted. An officer can approach a situation prepared with actionable insight into perpetrators and take appropriate action. Finally, data fulfills the role it was designed for: making burdensome tasks faster and easier for users.

Feb 8, 2024 • 27min

Ep. 128 Understanding Risks in the Hybrid Cloud

Today, we look at the proper way to manage the hybrid cloud for federal projects. Our guest is the Chief Technology Officer for Thundercat Technology, Kurt Steege. Kurt has an extensive background that includes a stint as the Chief Enterprise Architect at the FBI. An argument can be made that the move to the hybrid cloud can increase flexibility and reduce cost; an equally valid argument can be made that the increasing complexity of the hybrid cloud can cause poor visibility, insecure data transmission, and compliance issues. We see federal agencies avoiding getting boxed into a corner by using more than one cloud service provider. This may be great for financial reasons, but the hybrid cloud, by definition, is going to be much more difficult to observe. The risks are always changing. Some cybersecurity experts say that Application Program Interfaces are the new attack vector; a multi-cloud system makes accounting for all of them hard. Another obvious fact: if your agency moves to the "XYZ" cloud, there is a transmission of data. If they go ahead and send another application to the "ABC" cloud, there is another communications port. Each one adds to the attack surface for an agency. Finally, each cloud service provider has diverse ways of offering compliance. At the end of the day, a federal official must sign off on the compliance. Understanding the subtleties of these differences may cause excessive delays. Thundercat Technology has a white paper that could help. It is titled "Cloud Transformation Leads to Better Outcomes for Government Agencies."

Feb 6, 2024 • 22min

Ep. 125 Overcoming Challenges in Federal Technology Leadership

If you do a Google search on "Leadership" you get five billion results. Seems like a topic that has been given tons and tons of attention. A better way to gain an understanding of leadership is to seek out examples of poor leadership and try to avoid them. Enter How NOT to Lead: Lessons Every Manager Can Learn from Dumpster Chickens, Mushroom Farmers, and Other Office Offenders, the latest book from Dr. Chase Cunningham. This is an interview with Dr. Chase Cunningham where he gives his reasons for authoring the book and the origin of many of his stories. He has a fascinating background that includes being raised on a farm in Texas, working in sensitive military areas, and completing a Ph.D. Some of the chapter titles look like a setup from a professional comedian. He has chapter titles like "Do not be a Dumpster Chicken," "Go Slow to Be Fast," "Beware the Brilliant Jerk," "Do not be a mushroom farmer," and "Do not chase unicorns." Yes, the chapter titles are brash and so are Chase's recommendations. Let us look at one tiny aspect of the book: the idea of starting a company, getting investors, and becoming a millionaire. That certainly is the goal of millions and millions of entrepreneurs. Chase has seen investors and innovators in action. He has seen naïve startups get dazzled with investment dollars, give up control of companies, and become employees to a demanding taskmaster. Wait a minute, one of the reasons for starting a company was to become independent. Chase tells the untold part of the "rags to riches" story of technology startups. An innovator may produce an idea and surround themselves with a core group that develops and makes the company grow. Many are hired with the promise of riches when the company goes public. What can happen is the founder falls for the trap where the company's value gets diluted, and the promises made to the initial group are cast aside.
When you buy and read this book you will be drawn into memorable stories about roping cattle, small boar maintenance, and keyboard warriors. Buy this book today to help you become a successful entrepreneur, a better leader, and a decent human being.

Feb 1, 2024 • 23min

Ep. 126 Herding Containers with Rancher Government Solutions

Over the years, some technical terms have been easy to understand for mere mortals: data centers, high-speed internet, and even identity management. However, when you mention the term "Kubernetes," a normal professional's eyes would glaze over. Some technical professionals may have to revert to making up some applications. Well, the wait is over. Today, world-famous Paul Smith from Rancher Government Solutions will give a working definition of Kubernetes and show how efficiently using this technology can reduce costs and improve security for federal systems. We begin the interview from 40,000 feet with a general guide to open-source software, and Paul Smith gives an overview of Linux and Red Hat. That parallel seems to ring some chords. Next, the concept of a "container" was expounded upon. A container is merely a bundle of software that is portable. It can be used like the plastic blocks children use. You can pick up the container and run it anywhere. When it comes to three-year-olds, the blocks end up all over the house! Now that the foundation is set, Paul Smith indicates that, in and of itself, the open-source Kubernetes provides high availability and scaling; on the other hand, it can be difficult to install, is complicated, and needs to be monitored. Today's federal hybrid clouds need a way to manage these containers. Enter Rancher Government Solutions. During the interview, Paul Smith presents some of the challenges in a multi-cloud world. He includes comments on legacy systems, edge computing, and orchestration. If you would like more information on Rancher Government Solutions, please download the free whitepaper titled "Pioneering Secure by Default Open-Source Kubernetes Solutions."

Jan 30, 2024 • 22min

Ep. 125 The Secure Hybrid Edge

When people think of Amazon Web Services, they normally think of a data center. This was certainly top of mind when AWS hosted 10,000 at its Public Sector Summit in 2023. Today, we go in a different direction. Dave Rubal is a well-known innovator in the Washington DC technical community. He has decided to throw his hat into the ring with something called the Secure Tactical Edge. It makes sense if you look at how storage and computing are changing. In a recent study, IDC predicts that in the future 75% of data will be collected at the "edge." The federal government has a myriad of ways to manage this "edge" concept. Civilian agencies may have one approach, and the DoD has another. In addition to being on the edge, they need to be able to deploy this concept in a tactical as well as secure manner. During today's interview, Dave Rubal sketches out one aspect of that movement to the edge. He talks about how the DoD can securely use edge cases. In other words, the Secure Tactical Edge. Let us take a small task as an example: storage of video feeds. The DoD has facilities all over the world and needs physical security. It would be ridiculous to store these feeds in a data center across the globe. Further, there are retention policies in place to reduce the burden of storage. Another example may be unstructured data being collected all over the earth, and even above. Agencies must be able to architect a solution that takes advantage of innovation on the edge to reduce cost, improve flexibility, and provide data rapidly so warfighters can make decisions quickly. Here is a hashtag summary: #TacticalEdge #OperationalEdge #HybridCloud #EdgeComputing. This is the episode that introduces the tried and true "Up close and personal." Dave's avocation is to volunteer at his local fire station. He is a licensed EMT and has saved lives with his skills.
Follow John Gilroy on LinkedIn https://www.linkedin.com/in/john-gilroy/ Listen to past episodes of Federal Tech Podcast www.federaltechpodcast.com
