Federal Tech Podcast: for innovators, entrepreneurs, and CEOs who want to increase reach and improve brand awareness

Connect to John Gilroy on LinkedIn   https://www.linkedin.com/in/john-gilroy/ Want to listen to other episodes? www.Federaltechpodcast.com A recent SAS report shows that 84% of government decision-makers plan to invest in Generative AI in the next fiscal year. During today’s interview, Reggie Townsend details some of the precautions federal leaders must take to leverage this innovative technology. We begin the interview by mentioning that, in a governmental setting, technology cannot go beyond what is necessary to achieve a legitimate aim.  Although that is a noble concept, it can be futile because we are in the incipient stage of this technology. We do not have any laws about using AI; we have a patchwork of national and international regulations on the ethical application of AI. We can start with the Executive Office of the President. In addition to other Executive Orders, President Biden released further guidelines his last week in office. While well-meaning, these guidelines are not practical when put into perspective of what is going on in other countries. Reggie Townsend indicates that AI Safety Institutes can promote consistency and a proper ethical response to using data from citizens to feed AI.

  Connect to John Gilroy on LinkedIn   https://www.linkedin.com/in/john-gilroy/ Want to listen to other episodes? www.Federaltechpodcast.com Anyone with a pulse knows the new Trump administration has rescinded dozens of Executive Orders written by the previous president, Joe Biden. Executive orders #14110 and #14141, which dealt with artificial Intelligence, were part of this package. This has put the federal technical community in a state of expectation. On the one hand, they are charged with reducing costs by leveraging technology; on the other hand, they have a hiring freeze, and nobody knows what the new AI mandates will consist of. Today, we sat down with Jennifer Sample from EmpowerAI, a veteran of the tech wars, and asked her what direction developments in AI will take. Jennifer Sample reminds listeners that the federal government must consider privacy restrictions when applying AI to solving federal problems. Unfortunately, our near-peer adversaries have no such constraints. When the federal government attempts to apply AI, it does so inconsistently. The CIO Council may be able to list 1,700 federal use cases for AI, but the hard part is vetting the data sources and matching impact with agency goals. During the interview, Jennifer Sample discusses concepts like being AI ready, continuous qualification, and contextual governance. 2025 will force the federal government to do more with less; AI is a tool that can help accomplish that noble goal. If you want to hear a more in-depth discussion, she will speak at the Potomac Officers’ Club on March 12, 2025, in Tyson’s Corner, Virginia.   

Connect to John Gilroy on LinkedIn   https://www.linkedin.com/in/john-gilroy/ Want to listen to other episodes? www.Federaltechpodcast.com A recent study showed that the federal government has identified 1700 use cases for Artificial Intelligence. Today, we examine some challenges and solutions for unlocking the power of AI represented in these examples.  Our guest, Joel Krooswyk from GitLab, examines Software Bills of Material, repatriation, and what efficiency might look like in the future. SBOM. For years, software developers have recommended using a Software Bill of Material. Today, its value has become so apparent that it is becoming mandatory. During the interview, Joel Krooswyk discusses the security benefits of mandating an SBOM policy for all federal software development. Fifteen years ago, Vivek Kundra coined the phrase “Cloud First.”  It took a while, but cloud adoption is pervasive by the federal government.  However, with this adoption, we have seen examples where cloud service providers may over-promise and under delivery. The interview provides guidelines for transitioning from the cloud back to the premises, which is increasingly called “repatriation.” Software development in the future will make compliance partner with DevSecOps in an automated process. This will reduce maintenance costs and provide real-time reporting.  Intelligent automation will be able to validate each step of the process.

Connect to John Gilroy on LinkedIn   https://www.linkedin.com/in/john-gilroy/ Want to listen to other episodes? www.Federaltechpodcast.com “Efficiency” seems like the new buzzword for federal technology in the next few years. When writing software sense, efficiency can mean writing code once and moving on to regular maintenance. However, we see security initiatives being mandated that cause developers to go back to previous stable systems and add code alterations to comply with new cyber threats. Even beginner efficiency experts will tell you the time and cost of operating in this manner can be expensive. Further, recording can add new bugs and risks, making the system more complex. Federal technology leaders from CISA have not lost sight of this. They have a “Secure by Design” initiative that addresses this issue. As in many tech concerns, the concern is how to accomplish this noble task. Today, we sit down with Nathan Jones from Sonar. He offers a solution that seeks to “shift left” the whole concept of security by design. His company provides systems that can review code to ensure its compliance. Further, he expands on an approach that can collaborate with developers while they write code. Nathan Jones gives listeners details about how Sonar’s Qube can be deployed on a server, in the cloud, or with IDE. The benefits are ample: lower maintenance, minimizing risk, and allowing a focus on innovation rather than rewriting code.  

Connect to John Gilroy on LinkedIn   https://www.linkedin.com/in/john-gilroy/ Want to listen to other episodes? www.Federaltechpodcast.com People are getting comfortable with Generative AI and applying it to many business areas. This widespread adoption shows many of the weaknesses of individuals misusing technology. It is one thing to settle a baseball statistics argument with GenAI; another complete application when competing for a million-dollar federal contract that includes management of sensitive information. These include biased outputs, lack of creativity, and misinformation, to name a few. Today, we offer a solution. Vishwas Lele is the co-founder and CEO of pWin.ai. He has decades of experience in federal contracts and a sophisticated understanding of applied Artificial Intelligence. He has seen the reliance on cliches and superficial language that can result in the inappropriate application of AI for proposal writing. His solution is to partner with Shipley Associates, a proposal writing company that has been in business for fifty years and has technology that can safely use AI. The result: pWin.ai. If you would like a more detailed explanation, consider attending a webinar on January 22, 2025    

Connect to John Gilroy on LinkedIn   https://www.linkedin.com/in/john-gilroy/ Want to listen to other episodes? www.Federaltechpodcast.com Everyone reading this knows that April 15 is the dreaded day that one must pay federal income taxes. Big business has hordes of tax accountants and lawyers who do tax planning to accommodate federal deadlines. Sometimes, the deadline could be better known. Are you familiar with the OMB’s M-24-15? This will require companies to submit compliance information in a machine-readable format. Today, we sat down with Valinder Mangat from DRTConfidence. Valinder describes technology, deadlines, and approaches your company can use to comply. This interview will serve as a warning about an immense deadline that is crucial if you work with the federal government and cloud service providers. Essentially, NIST recognized that compliance done manually was time-consuming and subject to error. Back in 2016, they suggested OSCAL to streamline compliance. In addition to speeding things up, OSCAL allows for reuse without repetitive assessments. Whether you realize it or not, by the end of 2025, each federal contractor will be expected to provide compliance information in the OSCAL format, which stands for Open Security Controls Assessment Language. The other side of the coin is important to discuss as well. If you are an agency dealing with cloud compliance, you will be expected to be able to ingest compliance data in the OSCAL format.

Ep 206 Federal Data, Fast Access, Security Connect to John Gilroy on LinkedIn   https://www.linkedin.com/in/john-gilroy/ Want to listen to other episodes? www.Federaltechpodcast.com When it comes to technology, the founders of VAST Data can be described as “prescient.” In 2015, they looked at the problem of data management from a unique perspective. They did not want to call their company VAST “storage” but VAST “Data” because the problem they tried to solve was not the amount of storage but how to get instant and fast access to that data. The wave they rode was a combination of nVidia investing in graphic processing units and flash storage becoming more affordable. The result: VAST Data has grown to be valued at over nine billion dollars. During the interview, Randy Hayes details the value proposition of this innovation for federal projects. Their first customer was NIH, and they have built on that reputation ever since. Randy Hayes mentions that the current Zero Trust initiative begins with identification. Rapid, accurate authentication rests on fast access to data. Further, we have seen a resurgence in many organizations' migration from the cloud to on-prem solutions, mostly due to rising cloud costs and data sovereignty issues. VAST Data can provide efficient and quick ways to manage this data transfer. Innovation, dropping chip set prices, and understanding federal problems all allow VAST Data to assist federal agencies in accomplishing ambitious goals. If you want to learn more, VAST Data will attend the Nvidia GTC conference on March 17th in San Jose, California.  

Connect to John Gilroy on LinkedIn   https://www.linkedin.com/in/john-gilroy/ Want to listen to other episodes? www.Federaltechpodcast.com Complex environments exist in commercial organizations and the federal government. In a typical fashion, humans resist change until an incident force restructuring. In this case, the change of design will be costly. During today’s interview, Nick Pesce says that today’s systems are burdened to such an extent that structural change should start now, when it is easy and less expensive, and then wait for an incident that will cause change. Both guests, Nick Pesce and Don Lamb, have experience in federal government change management. They work for the well-respected MITRE, home of the ATT&CK framework. As a result, they can look at a systemic problem and see the solution. Their report, Recommendations for Creating Cross-Agency Enterprise Design Specifications, details ways to make this change. They also detail user stories and use cases and how to manage requirements and proofs of concept. Their argument goes that when combined with understanding mission objectives, the existing information silos in the federal government can be overcome.  

Connect to John Gilroy on LinkedIn   https://www.linkedin.com/in/john-gilroy/ Want to listen to other episodes? www.Federaltechpodcast.com Cybersecurity professionals like to talk about data “at rest” and data “in transit.”  They never mention how exactly this concept of “in transit” takes place. Once upon a time, in a data center far, far away, one could take a database and move it easily. Kind of like taking a suitcase in your car and driving across town. Today, federal agencies are deluged with so much data, is it more like dragging your entire house across town? Moving data today involves concepts like data tiring. This is an approach where data is taken to a third place and transferred from there. Due to limitations of latency, network bandwidth, and compliance concerns, this is a process that can take way more time than can be imagined. You may have some highly compensated data scientists waiting days for a complete transfer. Let us take another scenario. What if your agency has some data stored in a specific cloud provider? It may be discovered that charges were higher than expected and the data need to be returned to the on prem environment. If not done properly, this transition can be fraught with issues. Further, many federal agencies are sitting a veritable treasure trove of data, both structured and unstructured. These could be images, text, email, or video. Pure Storage offers ways to derive value from a wide variety of unstructured data. structured and unstructured data. These could be images, text, email, or video. Pure Storage offers ways to derive value from various unstructured data.  

Connect to John Gilroy on LinkedIn   https://www.linkedin.com/in/john-gilroy/ Want to listen to other episodes? www.Federaltechpodcast.com We all know that in 1492, Columbus sailed the ocean blue. A couple of years later, a map maker named Americo Vespucci made quite a splash with a new map. This has a direct parallel with today’s information technology. Columbus really did not “discover” anything—it was there all along. When you look at an enterprise system, be it a bank in Houston or a federal agency, you may have only a hint of what is on your network. Who knows what kind of “ghost IT” has been added to your system? It could be a deliberate attempt by an employee to circumvent the compliance process; it could be a malicious actor who has entered your system. Today, we sit down with Tom Guarente from Armis, the “Asset Intelligence Company.”  Armis can take a detailed look at your network and provide you with actionable information. On-premises networks, endpoints, data centers, cloud, and hybrid cloud = a wide range of potential presences on your network. During the interview, Tom Guarente emphasized the importance of putting this information in proper perspective. When an asset is identified, its relationship to other assets and its context is just about as important as the ability to detect it at all. Armis can assist federal agencies with understanding relationships and vulnerabilities they did not even know they had.