Federal Tech Podcast: for innovators, entrepreneurs, and CEOs who want to increase reach and improve brand awareness

Federal leaders will attest to the statement, “Security must be top of mind throughout an application’s development.”  Today, we sat down with Jeff Gallimore, Chief Technology, and Innovation Officer at Excella to try to see how this noble concept can be applied to the amazingly complex and ever-changing world of federal technology. During the interview, Jeff highlights the areas of continuous improvement, naming conventions, and the shift left. If you were to watch a movie that entails police, you would undoubtedly encounter the abbreviation, CI, which stands for Confidential Informant. However, in today’s discussion of cybersecurity and software, CI brings a new meaning – Continuous Improvement. Jeff Gallimore describes CI as integral to keeping a software project safe. The concept was broached in 2001 with the Manifesto for Agile Software Development. A group of developers met on a mountaintop and gave principles for improving software development. Near the top of the list was their concept of “responding to change,” what we call continuous improvement. Chances are, those experienced developers could not have anticipated the drastic increase in Internet usage and attacks.  All this highlights the need to adapt code. Moving on to other terms, when asked to differentiate between DevOps and DevSecOps, Jeff did not want to engage in the latest nomenclature debate.  He thinks that federal leaders should focus on outputs, not on defining processes. In the time that a team debates DevOps, they can be moving on to another issue. Another phrase was defined – Shift Left.  No, nothing to do with politics, this refers to the traditional way software developers would write code.  They would have a large whiteboard and diagram the process of moving from left to right. In this context, a “shift left” indicates an interest in including cybersecurity at earlier stages of the software development life cycle. Jeff also commented on the role of automation in managing large hybrid cloud projects. Automation can be offered as the remedy to this complicated circumstance. However, the range of point solutions and platforms merely reinforces the importance of humans understanding the flow of a project.    

The podcast discusses F5's evolution from load balancing to cybersecurity, highlighting their focus on adaptive applications and leading role in federal technology. They explore the importance of data protection and application functionality, comparing their services like load balancing, app security, API management, and fraud prevention. The differences between Big IP and Genex in relation to Federal Information Security Acts are also discussed, along with the role of web application firewalls in protecting against application layer attacks. The podcast also covers topics such as the software development life cycle, security, adaptive applications' threat analysis, and the use of AI and ML for troubleshooting and problem resolution.

The podcast discusses the shortage of data centers due to the popularity of cloud-first emphasis, the challenges of transitioning to a data center, complexities of transitioning government agencies to the cloud, exponential growth of data centers in Northern Virginia, and predictions for the government's cloud transition and data center growth.

The podcast discusses the shift towards remote work in federal agencies, the challenges of identification in a hybrid cloud environment, and the importance of identity proofing. It also explores the role of intelligent automation in enhancing citizen services and the significance of user experience in this context.

All systems, including federal systems, are full of vulnerabilities. The question is, given a limited number of hours in the day and a limited staff, how can you optimize your resources to remedy this issue? Well, the Cybersecurity & Cyberinfrastructure Security Agency has released a Binding Operative Directive that targets that concern. It was released on November 10, 2023, and is titled, “Transforming the Vulnerability Landscape.” During today’s interview, Willie Hicks from Dynatrace will look at the whole issue of discoverability and what impact this new BOD will have on the federal community. If you examine the BOD from 40,000 feet, it transfers the focus from the federal technology leaders to the vendors. Instead of having a security announcement buried on a vendor’s website, CISA suggests it be posted in a machine-readable format. This way, updates can be automatically sent out so they can be ingested. The Vulnerability Exploitability eXchange helps users know if a given product is impacted. The military knows that if you defend everything you defend nothing. It allows links to the Software Bill of Materials so users can know about which vulnerabilities they should worry. Finally, they look at something called the Stakeholder Specific Vulnerability Exchange. This reinforces the fact that not all vulnerabilities impact all federal agencies. CISA suggests that agencies consider vulnerability frameworks that can assist in reducing risk. Will Hicks applies his years of experience in federal technology to unpack many of these concepts during the interview. He reinforces the concept of visibility. One cannont set appropriate priorities if one doesn’t know what is on the network.  Once that essential step is accomplished, then an administrator can use guidelines to set priorities.

It is all about alignment. When you hit a pothole, you need to get your car aligned; if you do not your tires will wear out and can cause an expensive repair to the bushings and ball joints of your car. Anybody who has worked on a federal technology project knows the world of digital potholes. Only in this case, the project halts because your agency’s data is not aligned with the agency’s goals. During this interview, Tom Scurlock from Talend explains how to make sure your data is clean and dependable. If you decide to jump into machine learning, you will discover the importance of data scientists give to having reliable data. The Talend website takes a quote from ancient Rome and applies it to today’s digital transformation. The phrase is “Fortune Favors the Prepared.”  You can take this to mean that if you are seriously looking at machine learning and artificial intelligence, it would benefit you to have a complete assessment of the quality of your data. The federal government is taking this ancient maxim to mind as well. The Evidence-Based Policymaking Act of 2018 established the Chief Data Officer’s Council. Currently, there are ninety members. This is a strong vote for the federal government to realize the importance of data. One of the results of being careful with data is it will allow agencies, and researchers analysts to produce reliable repeatable decisions and results. That sidesteps the inevitable arguments about the starting point of the analysis and gives most of the time to federal leasers for actual analysis and getting value for the data.

Once upon a time scientists would dream of the day when they could have enough information to make decisions based on data.  Young readers may have to go to history books to see computer science majors take stacks of punch cards to a computer room so they can get an answer in the morning. Fast forward to 2022, we have so much data we don’t know how to handle it.  The overview is simple – gather up a reasonable number of data sets and pour it through an algorithm and then out pops the answer.  For example, back in 2017, it was reported that the DoD collected 22 terabytes of data a day. You would have to add many zeros to that number to see what they are collecting today. As a result, people with a doctorate in mathematics, like Dr. Elsa Schaefer from LinQuest, must wrestle with questions about what data to gather to make valid decisions. During the interview, she used terms like Data Wrangling, Machine Language Operations (MLOps), and data brittleness.  It appears that there is as much an art as it is a science to competently gather data for decisions to be made.  The term “brittle” is intriguing.  Let’s say you have an application with a large data set that is working well.  It is quite possible that a systems architect can pour that data into a data set, and it may cause problems.  Because it may cause a system to break, it is called “brittle.” LinQuest is developing a platform to help federal leaders gain a better understanding of using machine data. Data scientists try different scenarios and algorithms to see how they hold up.  If you would like to pursue this topic further, you may want to download a fact sheet that details their Harness for Adaptive Learning. 

Renowned expert Greg Garrett discusses the challenges of implementing Zero Trust in federal agencies. He highlights the importance of practical ways to make the transition, such as data security and multi-factor authentication. The podcast also explores the challenges in developing a zero trust architecture, the complexity of orchestration in cybersecurity, and selecting the correct stack for Zero Trust. It emphasizes the need for customization and addresses future challenges in implementing zero trust in federal government agencies.

If you were to do a “thought cloud” of technology, you would see the usual suspects, companies like Microsoft, AWS, and Google. Nobody would include Elastic Search in this discussion, yet it is seen all over the place, perhaps the best kept secret in federal technology. Because it is capable of being modified in so many ways, it is difficult to categorize it. Elastic is a flexible tool that allows a federal agency to gain visibility on a wide range of fronts.   As a result, we see many federal projects where Elastic is in the background acting as the “glue” to get information from disparate sources.  Elastic is based on open-source code. During the interview, Christopher Towsend from Elastic defines the difference between Open Source and Open Security, referencing Elastic Search Technology. Let’s toss around some cybersecurity concepts that may produce data for a federal agency.  You may have systems that handle Security Information Event Management (SIEM), Security Orchestration Automation Response (SOAR), Extended Security Response (XDR), and even the lowly Endpoint Security (still seeking a snappy acronym). Because this is such a complex topic, Elastic has put together a free report titled, “Elastic 2022 Global Threat Report: A Roadmap for Navigating Today’s Growing Threatscape”    

There was a time in American culture when “living on the edge” was a social construct. Perhaps a person was a test pilot or motorcycle racer.  In terms of federal information technology, we all live on the edge. The edge referred to is, of course, the digital edge.  The wall protecting federal data has long been breached and technologies like Zero Trust are being implemented to protect vital assets. The term Secure Access Service Edge was coined by Gartner in 2019. It was a stodgy concept at the time and then COVID hit. The millions of remote sessions were causing technology leaders to evaluate the way they handled security.  Suddenly, the acronym SASE was born, along with its unique pronunciation: “Sassy.” During the interview, Dr. Tim Robinson from WWT gives a detailed description of SASE.  He is uniquely qualified to speak to the federal audience because he was a Marine and has worked his way up to a Ph.D. in Computer Science.  A rough description may be cloud technology is being leveraged to optimize network connectivity to allow for consistent policy enforcement, centralized visibility, and scalability. It is always good to look at an emergency and, later, do a course correction. An argument can be made that COVID forced technology leaders to use Virtual Private Networks (VPNs). After all, they were available and easy to deploy. In hindsight, most can conclude that the VPN has strategic weaknesses.  It is simply not optimized for the cloud. Listen to the interview to get an expert’s view on ways to increase security and reduce costs to protect federal data.