Federal Tech Podcast: for innovators, entrepreneurs, and CEOs who want to increase reach and improve brand awareness

James Eselgroth will lead a discussion about innovation and change in federal technology. Normally, one would think about solutions to problems. Traditionally, develop a list of changes, check each off the list, list, and move on. That may be a fantastic way to build a house, not that it simply does not work in today's dynamic software environment. In today's fast-moving technical climate, one approach is to use something called an MVP. No, not the National Football League kind of MVP, not Most Valuable Player, but a "Minimal Viable Product." A "Minimal Viable Product" is a concept that originated in agile software development. The idea was not to submit a complete, finished product but to present the essence, framework, or basics of a product and get feedback. This initial offering had to include working elements but omitted many of the details like user interface concerns and complex integration projects. During the interview, Jim explains how this concept applies to the federal audience. He references a quote from Federal CTO Clare Martorana who said "Demos, no memos." This temporary solution would be presented to stakeholders and see if it was a good fit. Alterations are made and the next iteration is presented. Listen to the interview to hear how Jim provides an overview of his innovation lab. This results in the MVP approach allowing for solutions to be built in two to four weeks. Highlight has a new offering called EdgeWerx. Look for announcements at https://highlighttech.com/

AI? Process mining? We owe it to the listeners to put the strange title into perspective. Some will argue that a federal agency is a collection of business processes. For example, a company turns in its taxes; a laboratory applies for a grant; and even federal agencies must comply with cybersecurity requirements. Some will label this process management. Because the federal government deals in billions of dollars these processes can be quite complex. Experts have evolved who can examine these processes and determine ways to improve the process. Because there are stacks and stacks of petabytes of data to be concerned with, the term "mining" has become popular to describe this kind of examination. OK. Step Two. We all know that artificial intelligence is trying to be applied to as many aspects of federal technology as possible. Many are talking about potential savings. However, this may be true with simple tasks like creating reports; however, complicated processes may present a challenge to artificial intelligence. If someone arbitrarily slaps an AI Process into a system, it could wreak havoc. Please remember that AI is derivative, and can absorb previous systems but not necessarily offer anything new. During this interview, Christopher Radich breaks down some concepts that Celonis uses to gain a deep understanding of complicated processes before AI gets a chance to work. For example, they have pioneered applying the concept of digital twins to processes. This is a way that a process can be evaluated to discover the implications of process change. Follow John Gilroy on LinkedIn https://www.linkedin.com/in/john-gilroy/ Listen to past episodes of Federal Tech Podcast www.federaltechpodcast.com Process Mining for Dummies https://www.celonis.com/ebook/process-mining-for-dummies/

In today's interview, Guarv "GP" Pal from stackArmor presents a warning call to let people know that a sudden jump into any technology can present unintended consequences. He offers suggestions to make AI meaningful, safe, and dependable. Everyone remembers Bill Murray on Groundhog Day having the same experience over and over. After a few years of experience in federal technology, we are looking at something similar. First, the commercial sector I dazzled. Next, federal technology leaders feel like they must get in the same boat. A few years ago, many agencies jumped headfirst into the cloud, and then FedRAMP had to come along to put some guides on the cloud experience. Fast forward to 2024, today's Artificial Intelligence is falling into the standard pattern. Federal technology leaders can feel left out and make a quick adaptation, then later guidance emerges to rectify some of the unintended consequences of artificial intelligence. Researchers are seeing security vectors that are unique to AI. What security principles should be considered when putting together a Large Language Model? Can a bias be introduced? What controls do you have in place today that you can apply to your agency's AI journey? To bring in a diverse set of opinions to offer guidance, GP discusses his company's development of an AI Risk Intelligence Center of Excellence. They have assembled a high-power group of leaders with federal experience to provide training models and actionable steps for making a safe and secure transition to AI.

The first part of this interview is a fascinating description of how John Kindervag produced the concept of Zero Trust. In the early days of networking, many users were described as "trusted users." John questioned as to why they did not take the next step and verify then. The response was classic – because it would be rude. Fast forward a few decades and we see countless breaches and billions of dollars of intellectual property lost because of fear of offending the sensitivities of users. Back to 2011. Interfaces on firewalls could have varying levels of trust associated with them; the question from John Kindervag was, "why any levels at all?" His idea of zero trust resonated in the commercial and federal marketplace. For example, an Executive Order was issued in May of 2021 mandating the adoption of zero trust for the federal government. During the interview John Kindervag presents a fascinating contrast between the attack surface and the protect surface. This is a framework to allow federal leaders to prioritize what data to protect. To gain a better understanding of how to deploy Zero Trust, The National Security Telecommunications Advisory Committee was established. It presents a five-step model and shows how to build Zero Trust one protects surface at a time. Listen and learn about the Cloud Security Alliance and myriad ways to develop expertise in the nuances around incorporating Zero Trust into your federal network. Mentioned in the interview: What is Zero Trust Architeture? https://www.illumio.com/blog/what-is-a-zero-trust-architecture

On December 13, 2021, an Executive Order titled "Executive Order on Transforming Federal Customer Experience and Service Delivery to Rebuild Trust in Government." This initiative reflects the greater commercial experience. Because people are now so comfortable with transactions on a phone that customers are using sites that present as "user friendly." When combined with the Covid information that the federal government was presenting, the idea of improving the user experience only makes sense. Thelma Van is an articulate and experienced professional with user experience. During this interview, she takes the topic from a high level the level of the click. The interview covers topics like infrastructure, common communication, and a focus on user needs. When it comes to defining user experience or UX, it is a formal method to evaluate functionality. In other words, how a typical user attempts to complete a task on a website. Thelma Van suggests that if agencies are interested in improving user experience, then they should start with getting as many stakeholders as possible in a room and listening to the challenges they express. Although there are tools like heat maps and speed evaluations, her experience makes her put the focus on human beings first. The federal government is going through a "digital transformation." Many focus on important topics like identity management, software bills of materials, and even graphics processors. This is the interview that shows listeners that software development should put primary emphasis on the people the systems are designed to serve. Follow John Gilroy on LinkedIn https://www.linkedin.com/in/john-gilroy/ Listen to past episodes of Federal Tech Podcast www.federaltechpodcast.com

DoD tossed the revisions to the OMB; the 300,000 people in the DIB are waiting with 'bated breath to see what it looks like in the Federal Register. Will it be a "final" rule? Will it be an "interim" rule? The first paragraph sounds like an academic dispute in an ivory tower; that "tower talk" is particularly important for the 300,000 companies that comprise the defense industrial base. Today, sit down with Kevin Hancock from Exostar. He will give you his thoughts on this important piece of federal regulation. If you wanted to classify this transition as revolution or evolution, you would have to side with the Darwin followers. The CMMC is not anything new, this is just the next logical step. Smaller companies may earn a living as subcontractors to a large prime contractor. The large organizations are making inquiries to all their partners to see where they stand with CMMC. May are looking in the mirror and asking, where do I start? During the interview, Kevin Hancock from Exostar breaks the process down into segments that any company can understand. He explains that ten companies may have ten different sets of requirements to comply with CMMC. For example, do you have the expertise to run the requirement in-house? Even if you did, is this the optime way to use their time? Will an application from a company like Exostar be able to leverage the skill set you have in-house? Your company may just need a few templates to complete. However, you may be in a situation where you are looking at six months to complete an 18-month project. Had you started earlier, you would not have been in the situation. We all understand that CMMC was put in place to safeguard controlled unclassified information and controlled unclassified information. These are reasonable requirements, yet each person listening to this podcast may have a different journey. Exostar can help. Follow John Gilroy on LinkedIn https://www.linkedin.com/in/john-gilroy/ Listen to past episodes of Federal Tech Podcast www.federaltechpodcast.com

There was a time when a "snapshot" of a federal system was taken, and its security posture was evaluated based on the moment in time. That may have been a tolerable solution when a network consisted of two dozen personal computers and a server down the hall. However, this superficial approach will not work with today's networks in constant change. For example, data is exploding and entering systems from a wide variety of portals. Add to that the devices that deliver that tsunami of data are doubling and tripling themselves. During this interview, Jonathan Trull from Qualys gives his opinion on the state of today's federal technology when it comes to vulnerability assessment, configuration settings management, asset management, and dynamic application security testing. He also addresses qualitative aspects of managing assets. Jonathan Trull refers to the weakness of a "checkbox" approach to managing assets. In mature systems like the federal government has today, you may discover managed and unmanaged assets. Just because you check the box on "managed" assets, this does not mean it is professionally managed; it may be poorly managed leaving a system vulnerable. Software development is all about Minimum Viable Products and frequent changes. Terrific for agile software development, however, each update means a new weakness could be introduced. Federal leaders must embrace agile methodologies and keep systems safe at the same time. This means everyone should consider dynamic security application testing as part of a prudent network safety analysis. This interview will give you a good introduction to how to keep enterprise systems safe in a world of constant change. Follow John Gilroy on LinkedIn https://www.linkedin.com/in/john-gilroy/ Listen to past episodes of Federal Tech Podcast www.federaltechpodcast.com

Thousands of books have been written about agile software development since the release of The Agile Manifesto back in 2001. It was a noble, but frustrating concept two decades ago. They really did not have the tools to have informal teams combine to complete complicated software development projects. For example, if your team were in one building, you could meet daily and provide updates on agile topics like product backlog and continuous integration. This face-to-face approach hit a wall when team members were remote. Back in 2006, the founders of Bluescape saw the problem and started to develop technology that allowed professionals to accomplish the task of process management and workflow automation. In 2011, the Scaled Agile Framework (SAFe)started releasing frameworks for assisting larger organizations deploy agile methodologies. Bluescape works well with the principles of SAFe. During the interview, Norm Literini describes how Bluescape provides a platform to allow software to be developed in a flexible manner. It provides common operating tools to unite sectors, this can be in software, crisis response, of cross-functional planning. Further, Bluescape is FedRAMP and IL4 / IL5 compliant so federal systems managers can rely on a system to produce software safely as well as effectively. Follow John Gilroy on LinkedIn https://www.linkedin.com/in/john-gilroy/ Listen to past episodes of Federal Tech Podcast www.federaltechpodcast.com

The world is exploding with data and the need for systems to manage it. Unfortunately, we are not seeing a commensurate growth in people who are getting trained in software development. Let's state the obvious: the need for coding is driving companies to look at ways to reach project milestones creatively. Companies like Nintex offer what they classify as no code, low code solutions. Essentially, they look at ways to systemize code creation. Let's put this concept into perspective. In 1999 Salesforce popularized the concept of software-as-a-service. It became the world's largest software firm in 2022. One could consider low code, no code as a compromise between prepackaged systems like Salesforce and companies who laboriously wrote each line of custom code. This approach provided a reduction in development time, along with an added benefit of scalability. One weakness of custom coding is the time-consuming process it takes. Today, we see individuals in companies jumping on "shadow IT" where they use systems that may be included in the purview of systems administrators. Speeding up projects with no code, low code acts as a deterrent to the dangerous jump to unauthorized code on networks. During the interview, Steve Witt talks about the popularity of low code, no code in the commercial world. Many estimate that 84% of today's enterprises turn to low code, no code. The interview includes Steve's differentiation between Business Process Automation and Robotic Process Automation. Furthermore, listen to the comparison Steve provides between low-code and no code systems to see what approach may benefit your agency. Follow John Gilroy on LinkedIn https://www.linkedin.com/in/john-gilroy/ Listen to past episodes of Federal Tech Podcast www.federaltechpodcast.com

One of my goals in "Federal Tech Podcast" is to let federal leaders get an idea of what new companies and ideas are available to help them reach their goals. Well, everybody knows Google. This is an interview with Leigh Palmer from Google to bring to light some unknown areas of Google. Leigh provides Google's perspective on major cloud issues, like defining "cloud native" and giving her opinion on the hybrid cloud. She thinks that federal leaders should look at the success Google has had with commercial organizations. To accommodate that knowledge transfer, Google Public Sector was launched in 2022. It has gotten so popular that they now have an annual conference dedicated to the federal government called the Google Public Sector Conference. At the last conference, a couple of innovations were expanded upon. During the interview, Leigh Palmer details some of the advantages of what is called Codey. Finally, you can evaluate code with the assurance of a company the size of Google standing behind it. https://blog.google/technology/developers/google-colab-ai-coding-features/ Recently, we have seen the OMB provide a FedRAMP draft memo seeking comments on changes to the venerable FedRAMP. We all know that FedRAMP was released ten years ago; many do not realize that this is the first change. Some of the recommendations include guidance on cloud deployments as well as a suggestion to move away from dedicated clouds. Leigh has been involved in helping federal agencies reach goals for decades. Listen to learn how agile and innovative a big company like Google can be. Follow John Gilroy on LinkedIn https://www.linkedin.com/in/john-gilroy/ Listen to past episodes of Federal Tech Podcast www.federaltechpodcast.com