Federal Tech Podcast: for innovators, entrepreneurs, and CEOs who want to increase reach and improve brand awareness

Connect to John Gilroy on LinkedIn   https://www.linkedin.com/in/john-gilroy/ Want to listen to other episodes? www.Federaltechpodcast.com We have all heard that the phones we carry around have more computing power than was used in the Apollo moon mission. Breaking news: these powerful devices in our pockets are vulnerable to attacks of which we cannot dream. We can just pick up our phones and read the headlines. Brian Krebs reports federal charges against SMS attacks, Salt Typhoon getting into our phone systems, even the FBI telling us to use encryption on our phones. Today, we sat down with Jim Coyle from Lookout to unpack the concept of mobile threats. He begins with some startling facts. For example, Jim Coyle states that over half the movable devices in a recent study did not have an up-to-date operating system. One simple proof-of-concept is with a malicious URL. On a desktop, one can hoover over a URL to see where it is taking you; a credible URL will be clicked on a phone device with no questions asked. There are other entries as well. For example, what happens when a company with a legitimate app gets bought out by a malicious actor? It is possible for them to have an open door to your phone. The good news – a lot of mobile malwares will not survive a reboot. The lesson: every night plug in your phone, turn it off and on.

Connect to John Gilroy on LinkedIn   https://www.linkedin.com/in/john-gilroy/ Want to listen to other episodes? www.Federaltechpodcast.com Malicious actors are taking advantage of AI and the federal government. As a result, we are in a strange Wack-a-Mole game in which applying AI for defense has become so complex that each application seems to require specific skill sets. Today, we sit down with two leaders of NRLabs to discuss their unique approach to applied AI. NRLabs leverages the founders' diverse aerospace engineering and cybersecurity backgrounds to provide innovative solutions, including penetration testing and red team activities. Individuals can become limited in understanding these nuances. As a result, NRLabs has formed a method called the Cyber Collab, where they meet regularly to offer individual perspectives and applications. Because of this, they continue research and testing on using localized adversarial AI models to identify vulnerabilities in cloud-based AI platforms. During the interview, Jon David details exploring opportunities to partner with organizations like CISA's Joint Cyber Defense Collaborative (JCDC) to enhance collaboration and information sharing on critical infrastructure security.  

Connect to John Gilroy on LinkedIn   https://www.linkedin.com/in/john-gilroy/ Want to listen to other episodes? www.Federaltechpodcast.com In Frank Herbert’s classic Dune, Paul Atreides's martial arts instructor discusses knife fighting and a “feint within a feint.” Today, we apply for this martial art tactic in federal information technology. Malicious actors are flooding networks with false attacks, which are, in essence, feints with knives. Digital technology can multiply this activity, or noise, to such an extent that the real attack may be missed. The question is: How can we differentiate between the noise and the actual attack? Today, we have Chris Howard and Zach Vaugh, two experts from Vectra AI. They explain Vectra AI's approach to understanding threat attack intelligence. For the past fourteen years, Vectra AI has focused on this noise-to-signal ratio, garnering some thirty-five patents in this endeavor. They understand the nuances of code morphing, lateral movement, and something curiously called “living off the land.” As a result, they alert a manager to suspicious activity; leaders can be assured they are not dealing with a false alarm. This innovation is important today because Zero Trust is being implemented today. The concept is to allow the right person to have the right data at the right time. How do you know the data has not been injected with malicious code?

Connect to John Gilroy on LinkedIn   https://www.linkedin.com/in/john-gilroy/ Want to listen to other episodes? www.Federaltechpodcast.com In 1967 the movie Cool Hand Luke gave us this famous quote, “what we have here is a failure to communicate.” Surprisingly, this adage may apply to federal technology as well. If a federal leader allows secure information to be communicated, they can get fired. If they do not allow enough access to appropriate information, decisions can go sideways. The federal government is being bombarded with data, some important, some trivial. The challenge is to get life-and-death information into the hands of decision makers. So, we have massive data stores and some of them reside in the intelligence community. During the interview, Dr. Williams offers an innovation that allows users to access multiple sources as if it were a single database. Further, the data can be protected to allow the correct users the specific amount of data permitted. The beneficiary of this method of protecting data at rest is Artificial Intelligence.  The data that if fed into AI model can be leveraged and protected at the same time.

 While everybody is focusing on Artificial Intelligence, malicious actors are going after the soft underbelly of modern technology: operational technology, or OT.  Today, we take a look at the increasing threat of cyber-attacks on operational technology (OT) systems, which are often not built with security in mind. Operational Technology is represented by control systems, logic controllers, and other end points found in critical infrastructure like water and systems that generate energy, like oil, natural gas and even nuclear. Today’s experts share ideas on how to mitigate risk through. Collaboration: Throughout the federal government communities are being formed that seek to share information on OT threats.  For example, CISA has a Joint Cyber Defense Collaborative that serves as a clearing house for communication between industry and the federal government. Continuous monitoring:  Marty Edwards works on several federal committees to try to establish data formats that would allow for interoperability to monitor attacks and update existing operational technology. Proactive measures:  Jonathan Feibus from the NRC shares that 90% of the systems he monitors are focused on Information Technology. Vendors seeking solutions to this problem should look at extending methodologies built for IT into the realm of OT. The discussion ended with a discussion of the integration of IT and OT security, the role of AI in enhancing security, and the need for comprehensive asset inventories and risk assessments.  

Connect to John Gilroy on LinkedIn   https://www.linkedin.com/in/john-gilroy/ Want to listen to other episodes? www.Federaltechpodcast.com Using a phone to read or communicate has become so standard that church people are expected to read scripture with their phones. Using mobile devices to transmit secure information. Traditionally, secure communication was based on desktop systems; today, we need to pivot and learn how to apply mobile device management to leverage the cloud to provide safe and secure communications through mobile devices. Our guest today, Harold Smith, has spent the last twenty years gaining a deep understanding of secure communications and applying that understanding to developing a trusted mobile development platform. During the interview, you will be bombarded with acronyms like NIAC (National Information Assurance Partnership), MATTER (Mobile Apps to the Tactical Edge Ready), and many more. As a bonus, Harold provides a brilliant sidebar on another acronym: SBIR (Small Business Innovation Research). If you are trying to break into the federal market, this precis is just what you need. The takeaway is that Monkton provides a platform for developers to deliver safe and secure code to people in our mobile world. This can mean a warfighter, a clinician, or even an emergency responder from FEMA.  

Connect to John Gilroy on LinkedIn   https://www.linkedin.com/in/john-gilroy/ Want to listen to other episodes? www.Federaltechpodcast.com   When Qlik was founded in 1993, hard drives were measured in megabytes, and the Internet was primarily text-based. If lucky, you could get information in structured columns and formats. Fast forward thirty years, and some estimate YouTube alone has 4.3 petabytes of data loaded every day. The federal government certainly has its share of formatted data. A recent survey showed that 80% of data collected by the federal government is unstructured. This is information like text files, videos, or emails that are stored in many formats. As a result, it isn't easy to store and manage. This has a real impact when an organization tries to take advantage of Artificial Intelligence. Today, we sit down with Andrew Churchill to discuss creating a solid data foundation for AI. We detail topics like data movement, data streaming, and data quality during the discussion. He differentiates between data lakes and data warehouses as strategies for handling all the unstructured data used for training AI models.  

Connect to John Gilroy on LinkedIn   https://www.linkedin.com/in/john-gilroy/ Want to listen to other episodes? www.Federaltechpodcast.com With public speaking, everyone has butterflies before they begin; instructors tell speakers to get them to fly in formation. When it comes to tools for cybersecurity, we have a similar situation – you may have End point Detection and Response, Extended Detection and Response, Managed Detection and Response, DR, XDR, MDR, Security Information and Event Management, and many others. ThreatQuotient was founded with the intention of making sure these disparate tools provide actionable information for federal agencies. During today’s interview with Craig Mueller, he takes us through context, customization, and collaboration that is needed in all federal agencies. The net result is the reduction in false positives and automation of the intelligence lifecycle. Criag Mueller brings up a topic that is rarely covered—air gapped systems.  Because of their deep understanding of the intelligence community, ThreatQuotient can provide services to agencies that use air-gapped networks.  

Connect to John Gilroy on LinkedIn   https://www.linkedin.com/in/john-gilroy/ Want to listen to other episodes? www.Federaltechpodcast.com   Ep 196 How to take a Federal Network Above and Beyond Today, we see our network being pushed and pulled in every direction: remote users demand access, millions of endpoints must be managed, and wireless networks abound. The Internet we use every day was designed for a much more humble requirement: essentially, bursts of communication between small entities. Our interview with Dan DeBacker from Extreme Networks will define these new requirements and how innovation can keep you up to speed. One of the best podcasts in Washington, DC, is “Feds at the Edge.”  It recognizes the rapid decentralization of systems, which has reached the point where some organizations are considering doing the “compute” aspect of the network at the edge. Let me state the obvious: a network that is not optimized will not allow speed to be efficiently achieved. Hybrid networks can increase complexity to the point where speed degenerates and opportunities for malicious actors can appear.  During the interview, Dan DeBacker details how methods and techniques can be applied to carefully examine a network and ferret out stealth networks and areas that can “leak” access. When a system is visible, it is easier to incorporate legacy networks and enhance connectivity between sites.

Connect to John Gilroy on LinkedIn   https://www.linkedin.com/in/john-gilroy/ Want to listen to other episodes? www.Federaltechpodcast.com  Federal technology leaders operate in a confusing world. On the one hand, they must grant access to data that is needed by users; on the other hand, they must comply with security requirements that severely restrict that access. Craig Mueller from Varonis offers a solution: efficient data management will ensure that all information will be carefully categorized to allow this razor’s edge of operation. The approach will allow for a concept called “complete coverage.” “Complete coverage extends to everything in the hybrid cloud as well as legacy systems. During the interview, Craig Mueller describes a concept called Data Security Posture Management. Essentially, this process allows for complete coverage, governance, and user analytics. Many do not realize that AI tools crawl a network and assemble as much as they can.  In a federal application, there may be information that is not categorized correctly and should not be allowed to be scanned.  This is a classic example of data that gives the ability to share too easily. Proper organization of data, both structured and unstructured, will all the balancing game of access and security to be deployed and scaled.