Federal Tech Podcast: for innovators, entrepreneurs, and CEOs who want to increase reach and improve brand awareness

Connect to John Gilroy on LinkedIn   https://www.linkedin.com/in/john-gilroy/ Want to listen to other episodes? www.Federaltechpodcast.com It is a challenge for most technology companies to give a three-word summary of what they do, especially with the complexity implied with the phrase “entity resolution.” The CEO of Senzing, Jeff Jonas, gives a three-word summary of the complex issues they manage --  “bad guy hunting.”  OK, what does this mean to federal tech leaders? Today, we sit down with Will Layton to learn how a topic like “entity resolution” can improve federal cybersecurity. During the interview, he gives an overview of how federal systems have evolved over the years and the need to understand the implications of automation. We know federal systems are, in general, moving to the cloud. This may be a private cloud, a public cloud, or even a hybrid cloud. Second, data ingestion has overwhelmed most agencies.  As a result, many large-scale organizations are implementing automated tools, some call “agents” to become more efficient. Will Layton describes how humans need to be identified an automated tool, or entities, need to establish credentials as well. When a malicious actor tries to present like an entity in a complex automated system, Senzing can identify it and save federal leaders from unwanted actio

Connect to John Gilroy on LinkedIn   https://www.linkedin.com/in/john-gilroy/ Want to listen to other episodes? www.Federaltechpodcast.com For many, IDEMIA is a relatively unknown company that was recently awarded a 10-year Blanket Purchase Agreement from GSA. The focus is on next-generation identity proofing for login.gov. At first glance, you might say “IDEMIA” is an overnight success. Upon further examination, you will discover that IDEMIA has served federal agencies for over 60 years. During the interview, Donnie Scott gives listeners a complete rundown on the variations on identity, identity proofing, identity management, and identity access management. He reinforces that rigorous identity-proofing can reduce waste, fraud, and abuse of federal systems. This is becoming a more complex problem. For example, technology enthusiasts are experimenting with so-called “agents” to access data, assemble it, and then attempt to draw conclusions. At each step along the way, there are gateways to verify the validity of the person (or non-human entity) requesting data. This interview offers a great perspective from a well-respected company that provides identity proofing to the federal government.

Connect to John Gilroy on LinkedIn   https://www.linkedin.com/in/john-gilroy/ Want to listen to other episodes? www.Federaltechpodcast.com Walking around the Salesforce World Tour DC  can make you dizzy with use cases.  Let’s step back and look at underlying principles.  To boil down the massive information overflow, we sat down with Nasi Jazayeri from Salesforce to focus on improving efficiency by taking advantage of Salesforce agents. Automation. Federal employees will obviously be asked to do more with less. One way to accomplish this task is to structure a system where tedious decisions do not have to be made by humans. Tasks can be designed without human oversight to a specific level. Workflows. Salesforce is increasingly becoming a hub for data amalgamation. Integrating API into workflow can improve how systems can manage various dependencies. Compliance. This is one of Salesforce's superpowers. Everyone is trying to figure out where the best application of agents would be. Inevitably, mistakes will be made. Compliance is built into a system like Salesforce. You can evaluate several options without reinventing the wheel for each instance. Salesforce has many use cases for agentic applications, such as citizen service automation, healthcare administration, and interagency collaboration. Sometimes, general value principles can reinforce decisions made regarding agents and Salesforce.

Connect to John Gilroy on LinkedIn   https://www.linkedin.com/in/john-gilroy/ Want to listen to other episodes? www.Federaltechpodcast.com Federal leaders are walking a tightrope. They want to leverage the promise of AI; however, they are responsible for making federal data secure. Beyond that, these AI “experiments” should not negatively impact the larger systems and must have a detached view of practical applications. During today’s conversation, Paul Tatum gives his view on accomplishing this balance. He illustrates the idea of experimenting with AI through, of all things, avocados. For example, he acts as if he must document the process behind importing avocados. He shows how an AI agent can be used safely and provides practical information. The key here is “safely.”  People working on federal systems are jumping into AI agents without concern for compliance or security. They run into the phrase “unintended consequences” when they access data sloppily, which can lead to sensitive information leaks. Rather than detailing potential abuse, Paul Tatum outlines the Salesforce approach. This allows experimentation with specific guidelines as well as for compliance and controls for autonomous agents. This way, the data to be accessed will be cleaned and not subject to misinformation and duplication problems. Further, because you are acting in the functional equivalent of a “sandbox,” you can be assured that information assembled from AI experiments will be placed in areas where they are safe and secure. Learn how to leverage AI, but learn in an environment where mistakes will not come back to haunt you.  

Anish Patel, Head of Sales at Cloudflare, delves into federal network security and Zero Trust initiatives. He discusses how Cloudflare's commercial success can enhance security in federal networks by simplifying user experiences. The conversation highlights the importance of transitioning to Zero Trust architecture and the need for innovation within organizations. Anish also emphasizes automation's role in reducing the burden of constant vigilance among users, thus improving overall cybersecurity. Additionally, he touches on future-ready features like post-quantum encryption.

Connect to John Gilroy on LinkedIn   https://www.linkedin.com/in/john-gilroy/ Want to listen to other episodes? www.Federaltechpodcast.com Once the transition to the cloud became dominant, the importance of identity was placed ahead of permission to access apps and data. When data centers were down the hall, one could have physical access to a room and sign-on permission. The hybrid cloud, private clouds, and an interest in “alternative clouds” make identity the keystone of modern computing. Companies like Okta, Ping, and SailPoint work with identity and access management but rely on services that can provide a federated identity service. Today, we sit down with Dr. John Pritchard, the CEO of Radiant Logic, and learn that Radiant does not compete with these well-known vendors but provides the backbone for their service. Dr. Pritchard uses an interesting phrase: “continuous identity hygiene.”  This means that although a person’s biology will not change, he can compromise essential elements of his identity. This must be a continuous process. This fact has been recognized by CISA and DoD’s 2027 Zero Trust Goals and can be identified as Identity Security Posture Management. In this thorough discussion, Dr. Pritchard presents a 30-year framework for network identity and includes comments on a unified data layer, data staging, and how to select a reference architecture for using a federated identity service.

Connect to John Gilroy on LinkedIn   https://www.linkedin.com/in/john-gilroy/ Want to listen to other episodes? www.Federaltechpodcast.com Many people deceive themselves when moving systems to the cloud, thinking the same precautions used for an on-premises system can be used in the cloud. Neil Carpenter from Orca Security dispels that notion right out of the box. He details that when a system is moved to the cloud, it operates under a shared responsibility model.  While the Cloud Service Provider may be able to serve a solid infrastructure, that does not mean the applications and data are protected as well. Further, the popularity of virtual systems means that workloads can spin up and down rapidly. This means a one-time scan is just that: a photograph of a moment; only continuous monitoring can provide the reassurance that federal systems managers demand. While we know that cloud systems can scale rapidly, many do not understand that scaling also widens the attack surface. Michael Hylton from Orca Security recommends investing in a system that can provide continuous scanning in a dynamic environment. How is this accomplished? During the interview, Neil Carpenter defines agent vs. agent-less systems. When Orca Security established an agent-less system, it allows them to scan, speeding deployment and reducing the risk of coverage gaps.

Connect to John Gilroy on LinkedIn   https://www.linkedin.com/in/john-gilroy/ Want to listen to other episodes? www.Federaltechpodcast.com Today, we sit down with Karthik Natarajan, Solutions Engineering Manager, U.S. Public Sector, for SNYK. SNYK has garnered a formidable reputation in the commercial sector by helping to identify and fix vulnerabilities in code, open-source dependencies, and container images. Karthik Natarajan acknowledges that no code can be 100% secure; however, one way to improve by a magnitude is to incorporate the “Shift Left” approach. This phrase has been around for twenty years but has recently gained momentum. The concept of shift left moves testing and performance evaluation to an earlier part of the software development lifecycle. But SNYK goes further by applying AI to look at open-source dependencies. When infrastructure transitions to “infrastructure as code,” vulnerabilities may be included. SNYK also looks for vulnerabilities in infrastructure code. The interview ends with Karthik explaining that SNYK’s success is due to it being written for cloud applications- it is cloud native.  Also, they judiciously use AI and rigorously check corrections to code that may introduce trouble.    

Stephen Ringo, a Senior Solutions Architect at Akamai and an expert in API security, unpacks the critical role APIs play in securing federal systems amidst rapid cloud adoption. He reveals that 99% of organizations struggle with API security, emphasizing the importance of inventorying known and hidden APIs. Ringo advocates for proactive measures, highlighting the need to educate federal CIOs and evaluate security controls with cloud providers. The discussion also touches on the alarming risks of misuse and the ongoing shortage of API security professionals.

Connect to John Gilroy on LinkedIn   https://www.linkedin.com/in/john-gilroy/ Want to listen to other episodes? www.Federaltechpodcast.com We all know the quote from Peter Drucker, "If you can measure it, you can manage it."   It's pretty easy to apply when throwing a javelin but difficult when measuring success in complex software development projects. Today, we sat down with Jeff Gallimore, Chief Technology and Innovation Officer and founder of Excella. He brings with him decades of experience collaborating with teams on successful federal projects. We start by noting the fallacy of using one metric to measure success. While completing the initiative on time might make an agency administrator happy, that will change rapidly if compliance is not achieved, and scaling will break the system into pieces. Jeff has seen breakthroughs using a framework called DORA, DevOps Research and Assessment). The key metrics are deployment frequency, lead time for changes, change failure rate, and failed deployment recovery time.  These metrics, now part of Google, are research-based and predictive of IT and organizational outcomes. They emphasize the importance of a holistic approach, avoiding single-metric focus, and the role of leadership and culture in fostering high-performing teams