Federal Tech Podcast: for innovators, entrepreneurs, and CEOs who want to increase reach and improve brand awareness

Ep. 114 Improving Digital Adoption for Secure Federal Technology Commercial enterprises and the federal government have a challenge in managing the tremendous tsunami of data that has been released in the past few years. On top of that, federal agencies are under an unfunded mandate to adopt Zero Trust for all its systems. During this interview, Billy Biggs from WalkMe suggests that Artificial Intelligence may provide solutions to this complex problem. He begins by addressing the concept of digital automation. For example, when a person requests time off, they may have to engage five separate systems. With automation, you can reduce that complexity. Billy Biggs looks at artificial intelligence from a longer perspective. He observes that today's Artificial Intelligence may be the worst one will see in their life. One approach he likes to see is a focus on increasing productivity with AI on a small scale first, then raising the level of adoption. His overall message is that AI will make substantial changes and humans will have to be trained in the new applications. This process cannot be done in a traditional classroom, it must be done in a process where training is done in an environment where training is built right into the application. A true digital transformation cannot waste time, it must look at how an AI system works identify the top ten issues, and create user efficiency with that approach. That way, time is not wasted teaching people about aspects of any new application that are not pertinent. Follow John Gilroy on Twitter @RayGilray Follow John Gilroy on LinkedIn https://www.linkedin.com/in/john-gilroy/ Listen to past episodes of Federal Tech Podcast www.federaltechpodcast.com

Josh Brodbent has an amazing technical background. When he was still in his teens, he started a company that managed services. For the past twenty years, he has immersed himself in the world of technology with a particular focus on ICAM and cyber security. During today's interview, we tapped his technical expertise to comment on some trends in cybersecurity that can impact the federal government: the MGM hack and CISA updates. The MGM attack was a curious combination of old-school methods and artificial intelligence. According to reports, a malicious actor used a telephone call to gain access to a system. The telephone number was easy to find; the rest of the pieces of the puzzle were available through social media. This new vector launches a new portmanteau. It combines voice with phishing to yield "Vishing." The real talent in this attack was the convincing phone manner, with doses of urgency, which allowed the hackers to get into the MGM system. They set up some ransomware and walked away with an estimated 100 million dollars. Josh Brodbent looks at the recent announcement from CISA. To use securely developed software, they a. mandating that a higher level of officers at software companies attest to the security of the code. This may grab the attention of leaders in the "C" suite to actively comply with federal regulations. The interview ends with an examination of the complex issues federal leaders face. Josh observes that many in the commercial and federal world chase after "bright shiny objects" a can take they are off the goal. He observes that complexity does not always mean effectiveness. Listen for the MGM details and lessons to streamline your federal agency. Follow John Gilroy on Twitter @RayGilray Follow John Gilroy on LinkedIn https://www.linkedin.com/in/john-gilroy/ Listen to past episodes of Federal Tech Podcast www.federaltechpodcast.com

Some will argue that providing cybersecurity to a federal agency is a balancing game. On the one hand, you must encrypt network traffic; on the other hand, you provide a mechanism where this encrypted traffic is inspected. This must be done in compliance with many regulations and not have any impact on the speed of the network. Sounds easy when a group of software developers are arguing around a white board. However, in the real world this task must be accomplished in a rapidly changing environment in the hybrid cloud. Systems are under attack daily; mountains of unstructured data bombard federal systems on an hourly basis. These factors moves up the level of complexity. Your system must be flexible enough to give you a thorough understanding of network traffic. Some analysts call this "Cryptographic Agility." Chaim Mazal from Gigamon provides the listeners with an overview of the company, Gigamon. In business since 2014, they currently work with 87% of all Fortune 100 companies. They have recently announced an offering called "Precryption." It gives federal leaders deeper control of the TLS layer. During the interview, Chaim outlines how Preryption can reduce cost, overhead, and overall resources in an effort at deep inspection of network data. Ian Farquar is a colleague of Chaim's at Gigamon. He has a magnificent phrase that talks about data. He once said, "look at traffic because that is where the truth is." Deep observability can give federal leasers and foot up on controlling massive amounts of data. Follow John Gilroy on Twitter @RayGilray Follow John Gilroy on LinkedIn https://www.linkedin.com/in/john-gilroy/ Listen to past episodes of Federal Tech Podcast www.federaltechpodcast.com

In Calvinball, the rules were always changing. When it comes to the DoD's Cybersecurity Maturity Model Certification, it seems to look increasingly like Bill Watterson's masterpiece, Calvin and Hobbs. Today's interview is with Dr. Amy Williams from Coalfired Federal. She has years of experience in the nuances of CMMC and has a strong academic background to be able to understand complex topics and present them in an understandable manner. Amy begins the interview with the range of activities that companies have regarding CMMC compliance. Some companies have invested thousands of hours in preparing for this rigorous compliance;. On the other hand, some organizations do not realize it could be a twenty-four-month process and if they delay starting, they could compromise future business. One of the main takeaways from the interview is the timeline on CMMC that Coalfire Federal provides. It has been a circuitous route where the DoD was vociferous about the program and then had a mysterious quiet period. Then, like Venus sprouting from Zeus's brow, the DoD releases more details on CMMC. Dr. Amy Williams observes that companies should know what is essential and what is superfluous at the varying levels of CMMC. Many defense contractors are already working 10-hour days without the burden of CMMC compliance. In order not to waste time, a framework is given as to when a company should consider using a consultant and when to bring the compliance work in-house. The episode ends on an optimistic note – it was observed that the baseline of compliance, a mere seventeen controls, is basic cybersecurity for any modern company. These include basics like multifactor authentication and understanding where important documents are located on your network. Follow John Gilroy on Twitter @RayGilray Follow John Gilroy on LinkedIn https://www.linkedin.com/in/john-gilroy/ Listen to past episodes of Federal Tech Podcast www.federaltechpodcast.com

In the early days of computer networking, one was taught to make the network hard on the outside and soft in the inside. A more popular variation on this concept was your network should be like a castle with a moat around it to prevent entry. Well, both metaphors have been destroyed. Today, you would be naïve if you did not assume the bad guys are inside your network. The proposed solution is, of course, zero trust. However, you do not flip a switch and have a zero-trust network assembled. Before the world ushers in the panacea of Zero Trust, federal technology leaders must have tools to protect what is going on inside the castle walls. Early attempts Intruder Detection Systems. This approach could generate false positives, needed full-time monitoring, and was expensive. During today's interview, Mark Bowling from shares with the audience a concept called Network Detect and Response. They begin with complete network transparency. Through proprietary means, they could gain complete visibility on a network. Years ago, a federal agency could walk down the hall to see the network; today's networks are flooded with remote sensors, contractors, new employees, and remote workers. This dynamic nature makes it difficult to draw up a rough diagram, not have a thorough understanding. Even if you did, this network would be changing with virtual systems spinning up and containers adding to the confusion. Mark Bowling has decades of experience with highly classified documents on highly secure systems. He suggests thorough visibility allows leaders to set up a tiered structure to locate high value assets and protect them first. Follow John Gilroy on Twitter @RayGilray Follow John Gilroy on LinkedIn https://www.linkedin.com/in/john-gilroy/ Listen to past episodes of Federal Tech Podcast www.federaltechpodcast.com

Traditionally, a threat was detected, and a remediation plan was deployed. This is classic Endpoint Detect and Response (EDR). Would that life be that easy. Today, we have malicious actors using generative Artificial Intelligence to slightly alter code, so it doesn't resemble previous attacks. This kind of eliminates the "detection" part of EDR. This isn't rare anymore. In fact, in August of 2023 Deep Instinct did a study where it concluded that there was a significant increase in cybersecurity attacks fueled by generative Artificial Intelligence. Some findings · 75% increase in attacks last year · 85% if these attacks are attributed to generative Artificial Intelligence During today's interview, Carl Froggett from Deep Instinct gives an option to run-of-the-mill EDR. He gives the listeners an overview of how Deep Instinct started. He explains that, originally, they relied on open source for data on attack activity. However, researchers discovered that open source was not powerful enough. Deep Instinct decided to develop proprietary ways to look at massive data streams to determine if there were threats. They started with Artificial Intelligence, moved to Machine Learning, and focused on the algorithm associated with a concept called Deep Learning. They have had tremendous success. One determinate of effective threat screening is reducing false positives. This is a significant problem. In the interview, Carl Froggett suggests that if an organization has 30,000 events a day and just 1% are false positives, this can be a massive drain on work for cyber professionals. When your opponent uses Artificial Intelligence then you must respond in kind; learn how Deep Instinct can assist your agency in today's brave new world. Follow John Gilroy on Twitter @RayGilray Follow John Gilroy on LinkedIn https://www.linkedin.com/in/john-gilroy/ Listen to past episodes of Federal Tech Podcast www.federaltechpodcast.com

Everyone who has watched everything from Star Wars to Star Trek has never encountered some of the problems we see in space today: collisions and space junk. It just doesn't make for a good story on the big screen. However, the reality is that there will be 30,000 satellites launched before 2030 and we are encountering challenges in what is called situational awareness. In this application, situational awareness is the concept that a satellite must know where it is heading, and whether other objects in space may be on a collision course. This is such a complex problem that companies like Kahan Space have had to take advantage of technology like cloud computing and artificial intelligence to make space exploration safe. Today, we sat down with Araz Feyzi, one of the co-founders of a company called Kahan Space. The problem that is solved is simple to describe, but incredibly complex to solve space situational awareness. During the interview, Araz gave a great explanation of the problem. For example, on the high seas, there is international law that has been established if there is an incident. However, in outer space, there are no rules of engagement. If a satellite is heading towards an American satellite, there is no law or regulation to tell the satellite operators what to do. This is such a complicated problem that Kahan Space was launched to enable satellite operators to be able to predict trajectories. The cloud's ability to store and compute must be utilized to have a better outcome when there is an incident. The term Araz uses is the popular "orchestrate." Normally used for terrestrial data processing, it is increasingly being used for analysis of complicated satellite patterns. Follow John Gilroy on Twitter @RayGilray Follow John Gilroy on LinkedIn https://www.linkedin.com/in/john-gilroy/ Listen to past episodes of Federal Tech Podcast www.federaltechpodcast.com

Today, we have Will Laforest from Confluent explain how federal leaders can harness the power of data streaming. We all know that data has exploded since the advent of cheap storage, remote computing, and the proliferation of the Internet of Things. Several lessons have been learned. First, just because you have petabytes of data doesn't mean it can help in making decisions; second, if you delay acting on that data you can leave your agency vulnerable. The Federal Data Strategy recognizes these concepts. In this interview, Will LaForest unpacks the idea of getting insights on perishable data. His company, Confluent, was founded in 2014 by engineers who leveraged an open-source project called Kafka to enable systems to absorb data in real-time. During the interview, Will provides guidelines on understanding concepts like low coupling, microservices, and data meshes. The foundational concept is to allow federal agencies to ingest data rapidly and be able to take advantage of the plethora of information to assist in making decisions that need to be made rapidly. The best example that Will LaForest gives is threat intelligence. When a malicious event occurs, time is of the essence. Rapid response can mitigate any damage that is done by many cybersecurity events. Follow John Gilroy on Twitter @RayGilray Follow John Gilroy on LinkedIn https://www.linkedin.com/in/john-gilroy/ Listen to past episodes of Federal Tech Podcast www.federaltechpodcast.com

Kenny Rogers once had a popular song where he sand, "There's time enough for countin' when the dealin' is done." Well, there was a lot of spending during Covid and now is the time to reflect on how we could have optimized that spend. In the studio today is Tom Voshell from Coupa. He will bring a new perspective on how to efficiently allocate resources. The focus is not on shopping for the best price; the emphasis is to admin that acquisition is a complex process and systems should be administered to make sure the spend is optimized. The initial example he gave was the four billion dollars that is spend annually by the GSA on P cards. When used properly, this spend can result in a 25% savings. Combine that with properly administered points, this can allow an agency to have funds for much needed equipment or services. Tom Voshell details the difference between a proactive and a reactive spend. In another example, if a person in Utah wanted to get landscaping, they may select a company. Perhaps they did not know there was already in place a negotiated agreement between the federal government and a local landscaping company. There was no malice intended, but it is possible that the person making the decision had no idea about systems and procedures for getting a job done. Tom Voshell recommends an approach that is systematic and user friendly. This is the way to optimize existing funds as well as leverage any benefits from using cards to purchase goods and services. Follow John Gilroy on Twitter @RayGilray Follow John Gilroy on LinkedIn https://www.linkedin.com/in/john-gilroy/ Listen to past episodes of Federal Tech Podcast www.federaltechpodcast.com

Donald Rumsfeld is famous for saying there are "unknown unknowns." Today's interview with OnSolve takes this concept down a practical road: once something Is known, how can you quickly inform people of the issue? When it comes to the federal government, notifications can range an incredible gamut. A systems administrator needs to know if a server is malfunctioning in a data center; a FEMA administrator needs up-to-date information on weather conditions; satellite operators need to know if a collision is imminent. OnSolve has been helping commercial organizations as well as the federal government since 1998. Our guest today is Chris Hurst. He is no stranger to emergencies – he has served in war zones and has been responsible for life-and-death situations. During the interview, he articulates a brilliant concept. Today, the concept of situational awareness seems to be general. Kind of like, having a balanced diet. Chris Hurst takes the next step. He indicates that there is no monolith situational awareness. It should be thought of as a situational awareness that is applied to a specific use case. Local police feeds must be structured differently from natural disasters. Furthermore, Chris gives the listeners a great perspective on how each one of those organizations needs a varying level of depth in notification. But is it not just making people aware, OnSolve is attempting to gather sources from hundreds of places to be able to have better learning on the risk side. Listen for information on how your agency can benefit from understanding the range of options available when you consider risk notification. Follow John Gilroy on Twitter @RayGilray Follow John Gilroy on LinkedIn https://www.linkedin.com/in/john-gilroy/ Listen to past episodes of Federal Tech Podcast www.federaltechpodcast.com