

Federal Tech Podcast: for innovators, entrepreneurs, and CEOs who want to increase reach and improve brand awareness
John Gilroy
The federal government spends $90 billion on technology every year.
If you are a tech innovator and want to expand your share of the market, this is the podcast for you to find new opportunities for growth.
Every week, Federal Tech Podcast sits down with successful innovators who have solved complex computer system problems for federal agencies. They cover topics like Artificial Intelligence, Zero Trust, and the Hybrid Cloud. You can listen to the technical issues that concern federal agencies to see if your company’s capabilities can fit.
The moderator, John Gilroy, is an award-winning lecturer at Georgetown University and has recorded over 1,000 interviews. His interviews are humorous and entertaining despite handling a serious topic.
The podcast answers questions like . . .
How can software companies work with the federal government?
What are federal business opportunities?
Who are the cloud providers who work with the federal government?
Should I partner with a federal technology contractor?
What is a federal reseller?
Connect to John Gilroy on LinkedIn
https://www.linkedin.com/in/john-gilroy/
Want to listen to other episodes?
www.Federaltechpodcast.com
Episodes

Jan 21, 2025 • 26min
Ep 210 Software Development and the Shift Left
“Efficiency” seems like the new buzzword for federal technology in the next few years. In a software sense, efficiency can mean writing code once and moving on to regular maintenance. However, we see security initiatives being mandated that cause developers to go back to previously stable systems and alter the code to respond to new cyber threats. Even beginner efficiency experts will tell you that operating in this manner can be expensive in time and cost. Further, recoding can add new bugs and risks, making the system more complex. Federal technology leaders from CISA have not lost sight of this. They have a “Secure by Design” initiative that addresses this issue. As with many tech concerns, the question is how to accomplish this noble task. Today, we sit down with Nathan Jones from Sonar. He offers a solution that seeks to “shift left” the whole concept of security by design. His company provides systems that can review code to ensure its compliance. Further, he expands on an approach that can collaborate with developers while they write code. Nathan Jones gives listeners details about how Sonar’s Qube can be deployed on a server, in the cloud, or with an IDE. The benefits are ample: lower maintenance, minimizing risk, and allowing a focus on innovation rather than rewriting code.

Jan 15, 2025 • 23min
Ep. 209 AI and Proposal Development in 2025
People are getting comfortable with Generative AI and applying it to many business areas. This widespread adoption shows many of the weaknesses of individuals misusing technology. It is one thing to settle a baseball statistics argument with GenAI; it is a completely different application when competing for a million-dollar federal contract that includes management of sensitive information. These weaknesses include biased outputs, lack of creativity, and misinformation, to name a few. Today, we offer a solution. Vishwas Lele is the co-founder and CEO of pWin.ai. He has decades of experience in federal contracts and a sophisticated understanding of applied Artificial Intelligence. He has seen the reliance on cliches and superficial language that can result from the inappropriate application of AI to proposal writing. His solution is to partner with Shipley Associates, a proposal writing company that has been in business for fifty years and has technology that can safely use AI. The result: pWin.ai. If you would like a more detailed explanation, consider attending a webinar on January 22, 2025.

Jan 13, 2025 • 19min
Ep 208 Innovation with OSCAL, Federal Cloud, and Compliance
Everyone reading this knows that April 15 is the dreaded day that one must pay federal income taxes. Big business has hordes of tax accountants and lawyers who do tax planning to accommodate federal deadlines. Sometimes, the deadline could be better known. Are you familiar with the OMB’s M-24-15? This will require companies to submit compliance information in a machine-readable format. Today, we sat down with Valinder Mangat from DRTConfidence. Valinder describes technology, deadlines, and approaches your company can use to comply. This interview will serve as a warning about an immense deadline that is crucial if you work with the federal government and cloud service providers. Essentially, NIST recognized that compliance done manually was time-consuming and subject to error. Back in 2016, they suggested OSCAL to streamline compliance. In addition to speeding things up, OSCAL allows for reuse without repetitive assessments. Whether you realize it or not, by the end of 2025, each federal contractor will be expected to provide compliance information in the OSCAL format, which stands for Open Security Controls Assessment Language. The other side of the coin is important to discuss as well. If you are an agency dealing with cloud compliance, you will be expected to be able to ingest compliance data in the OSCAL format.

Jan 9, 2025 • 22min
Ep 207 Federal Data, Fast Access, Security
When it comes to technology, the founders of VAST Data can be described as “prescient.” In 2015, they looked at the problem of data management from a unique perspective. They did not want to call their company VAST “storage” but VAST “Data” because the problem they tried to solve was not the amount of storage but how to get instant and fast access to that data. The wave they rode was a combination of Nvidia investing in graphics processing units and flash storage becoming more affordable. The result: VAST Data has grown to be valued at over nine billion dollars. During the interview, Randy Hayes details the value proposition of this innovation for federal projects. Their first customer was NIH, and they have built on that reputation ever since. Randy Hayes mentions that the current Zero Trust initiative begins with identification. Rapid, accurate authentication rests on fast access to data. Further, we have seen a resurgence in many organizations' migration from the cloud to on-prem solutions, mostly due to rising cloud costs and data sovereignty issues. VAST Data can provide efficient and quick ways to manage this data transfer. Innovation, dropping chip set prices, and understanding federal problems all allow VAST Data to assist federal agencies in accomplishing ambitious goals. If you want to learn more, VAST Data will attend the Nvidia GTC conference on March 17th in San Jose, California.

Jan 2, 2025 • 25min
Ep 206 An Argument for Enterprise Design
Complex environments exist in commercial organizations and the federal government. In typical fashion, humans resist change until an incident forces restructuring. In this case, the change of design will be costly. During today’s interview, Nick Pesce says that today’s systems are burdened to such an extent that structural change should start now, when it is easy and less expensive, rather than waiting for an incident that will cause change. Both guests, Nick Pesce and Don Lamb, have experience in federal government change management. They work for the well-respected MITRE, home of the ATT&CK framework. As a result, they can look at a systemic problem and see the solution. Their report, Recommendations for Creating Cross-Agency Enterprise Design Specifications, details ways to make this change. They also detail user stories and use cases and how to manage requirements and proofs of concept. Their argument goes that when combined with understanding mission objectives, the existing information silos in the federal government can be overcome.

Dec 23, 2024 • 24min
Ep 205 AI = Data + Compute + Algorithm
Cybersecurity professionals like to talk about data “at rest” and data “in transit.” They never mention how exactly this concept of “in transit” takes place. Once upon a time, in a data center far, far away, one could take a database and move it easily. Kind of like taking a suitcase in your car and driving across town. Today, federal agencies are deluged with so much data that it is more like dragging your entire house across town. Moving data today involves concepts like data tiering. This is an approach where data is taken to a third place and transferred from there. Due to limitations of latency, network bandwidth, and compliance concerns, this is a process that can take way more time than can be imagined. You may have some highly compensated data scientists waiting days for a complete transfer. Let us take another scenario. What if your agency has some data stored in a specific cloud provider? It may be discovered that charges were higher than expected and the data need to be returned to the on-prem environment. If not done properly, this transition can be fraught with issues. Further, many federal agencies are sitting on a veritable treasure trove of data, both structured and unstructured. These could be images, text, email, or video. Pure Storage offers ways to derive value from a wide variety of unstructured data.

Dec 19, 2024 • 17min
Ep 204 Understanding of the Landscape of Your Network
We all know that in 1492, Columbus sailed the ocean blue. A couple of years later, a map maker named Amerigo Vespucci made quite a splash with a new map. This has a direct parallel with today’s information technology. Columbus really did not “discover” anything—it was there all along. When you look at an enterprise system, be it a bank in Houston or a federal agency, you may have only a hint of what is on your network. Who knows what kind of “ghost IT” has been added to your system? It could be a deliberate attempt by an employee to circumvent the compliance process; it could be a malicious actor who has entered your system. Today, we sit down with Tom Guarente from Armis, the “Asset Intelligence Company.” Armis can take a detailed look at your network and provide you with actionable information. On-premises networks, endpoints, data centers, cloud, and hybrid cloud make up a wide range of potential presences on your network. During the interview, Tom Guarente emphasized the importance of putting this information in proper perspective. When an asset is identified, its relationship to other assets and its context is just about as important as the ability to detect it at all. Armis can assist federal agencies with understanding relationships and vulnerabilities they did not even know they had.

Dec 17, 2024 • 24min
Ep 203 Dangers that Lurk inside Your Phone
We have all heard that the phones we carry around have more computing power than was used in the Apollo moon mission. Breaking news: these powerful devices in our pockets are vulnerable to attacks of which we cannot dream. We can just pick up our phones and read the headlines. Brian Krebs reports federal charges against SMS attacks, Salt Typhoon getting into our phone systems, even the FBI telling us to use encryption on our phones. Today, we sat down with Jim Coyle from Lookout to unpack the concept of mobile threats. He begins with some startling facts. For example, Jim Coyle states that over half the mobile devices in a recent study did not have an up-to-date operating system. One simple proof-of-concept is with a malicious URL. On a desktop, one can hover over a URL to see where it is taking you; on a phone, a credible URL will be clicked with no questions asked. There are other entries as well. For example, what happens when a company with a legitimate app gets bought out by a malicious actor? It is possible for them to have an open door to your phone. The good news: a lot of mobile malware will not survive a reboot. The lesson: every night, plug in your phone and turn it off and on.

Dec 12, 2024 • 29min
Ep 202 Innovation in Handling Complexities of AI
Malicious actors are taking advantage of AI and the federal government. As a result, we are in a strange Whac-A-Mole game in which applying AI for defense has become so complex that each application seems to require specific skill sets. Today, we sit down with two leaders of NRLabs to discuss their unique approach to applied AI. NRLabs leverages the founders' diverse aerospace engineering and cybersecurity backgrounds to provide innovative solutions, including penetration testing and red team activities. Individuals can become limited in understanding these nuances. As a result, NRLabs has formed a method called the Cyber Collab, where they meet regularly to offer individual perspectives and applications. Because of this, they continue research and testing on using localized adversarial AI models to identify vulnerabilities in cloud-based AI platforms. During the interview, Jon David details exploring opportunities to partner with organizations like CISA's Joint Cyber Defense Collaborative (JCDC) to enhance collaboration and information sharing on critical infrastructure security.

Dec 10, 2024 • 20min
Ep 201 Misdirection, feints, trojan horses
In Frank Herbert’s classic Dune, Paul Atreides's martial arts instructor discusses knife fighting and a “feint within a feint.” Today, we apply this martial arts tactic to federal information technology. Malicious actors are flooding networks with false attacks, which are, in essence, feints with knives. Digital technology can multiply this activity, or noise, to such an extent that the real attack may be missed. The question is: How can we differentiate between the noise and the actual attack? Today, we have Chris Howard and Zach Vaugh, two experts from Vectra AI. They explain Vectra AI's approach to understanding threat attack intelligence. For the past fourteen years, Vectra AI has focused on this noise-to-signal ratio, garnering some thirty-five patents in this endeavor. They understand the nuances of code morphing, lateral movement, and something curiously called “living off the land.” As a result, they alert a manager to suspicious activity; leaders can be assured they are not dealing with a false alarm. This innovation is important because Zero Trust is being implemented today. The concept is to allow the right person to have the right data at the right time. How do you know the data has not been injected with malicious code?