Federal Tech Podcast: for innovators, entrepreneurs, and CEOs who want to increase reach and improve brand awareness

Connect to John Gilroy on LinkedIn   https://www.linkedin.com/in/john-gilroy/ Want to listen to other episodes? www.Federaltechpodcast.com In Frank Herbert’s classic Dune, Paul Atreides's martial arts instructor discusses knife fighting and a “feint within a feint.” Today, we apply for this martial art tactic in federal information technology. Malicious actors are flooding networks with false attacks, which are, in essence, feints with knives. Digital technology can multiply this activity, or noise, to such an extent that the real attack may be missed. The question is: How can we differentiate between the noise and the actual attack? Today, we have Chris Howard and Zach Vaugh, two experts from Vectra AI. They explain Vectra AI's approach to understanding threat attack intelligence. For the past fourteen years, Vectra AI has focused on this noise-to-signal ratio, garnering some thirty-five patents in this endeavor. They understand the nuances of code morphing, lateral movement, and something curiously called “living off the land.” As a result, they alert a manager to suspicious activity; leaders can be assured they are not dealing with a false alarm. This innovation is important today because Zero Trust is being implemented today. The concept is to allow the right person to have the right data at the right time. How do you know the data has not been injected with malicious code?

Connect to John Gilroy on LinkedIn   https://www.linkedin.com/in/john-gilroy/ Want to listen to other episodes? www.Federaltechpodcast.com In 1967 the movie Cool Hand Luke gave us this famous quote, “what we have here is a failure to communicate.” Surprisingly, this adage may apply to federal technology as well. If a federal leader allows secure information to be communicated, they can get fired. If they do not allow enough access to appropriate information, decisions can go sideways. The federal government is being bombarded with data, some important, some trivial. The challenge is to get life-and-death information into the hands of decision makers. So, we have massive data stores and some of them reside in the intelligence community. During the interview, Dr. Williams offers an innovation that allows users to access multiple sources as if it were a single database. Further, the data can be protected to allow the correct users the specific amount of data permitted. The beneficiary of this method of protecting data at rest is Artificial Intelligence.  The data that if fed into AI model can be leveraged and protected at the same time.

 While everybody is focusing on Artificial Intelligence, malicious actors are going after the soft underbelly of modern technology: operational technology, or OT.  Today, we take a look at the increasing threat of cyber-attacks on operational technology (OT) systems, which are often not built with security in mind. Operational Technology is represented by control systems, logic controllers, and other end points found in critical infrastructure like water and systems that generate energy, like oil, natural gas and even nuclear. Today’s experts share ideas on how to mitigate risk through. Collaboration: Throughout the federal government communities are being formed that seek to share information on OT threats.  For example, CISA has a Joint Cyber Defense Collaborative that serves as a clearing house for communication between industry and the federal government. Continuous monitoring:  Marty Edwards works on several federal committees to try to establish data formats that would allow for interoperability to monitor attacks and update existing operational technology. Proactive measures:  Jonathan Feibus from the NRC shares that 90% of the systems he monitors are focused on Information Technology. Vendors seeking solutions to this problem should look at extending methodologies built for IT into the realm of OT. The discussion ended with a discussion of the integration of IT and OT security, the role of AI in enhancing security, and the need for comprehensive asset inventories and risk assessments.  

Connect to John Gilroy on LinkedIn   https://www.linkedin.com/in/john-gilroy/ Want to listen to other episodes? www.Federaltechpodcast.com Using a phone to read or communicate has become so standard that church people are expected to read scripture with their phones. Using mobile devices to transmit secure information. Traditionally, secure communication was based on desktop systems; today, we need to pivot and learn how to apply mobile device management to leverage the cloud to provide safe and secure communications through mobile devices. Our guest today, Harold Smith, has spent the last twenty years gaining a deep understanding of secure communications and applying that understanding to developing a trusted mobile development platform. During the interview, you will be bombarded with acronyms like NIAC (National Information Assurance Partnership), MATTER (Mobile Apps to the Tactical Edge Ready), and many more. As a bonus, Harold provides a brilliant sidebar on another acronym: SBIR (Small Business Innovation Research). If you are trying to break into the federal market, this precis is just what you need. The takeaway is that Monkton provides a platform for developers to deliver safe and secure code to people in our mobile world. This can mean a warfighter, a clinician, or even an emergency responder from FEMA.  

Connect to John Gilroy on LinkedIn   https://www.linkedin.com/in/john-gilroy/ Want to listen to other episodes? www.Federaltechpodcast.com   When Qlik was founded in 1993, hard drives were measured in megabytes, and the Internet was primarily text-based. If lucky, you could get information in structured columns and formats. Fast forward thirty years, and some estimate YouTube alone has 4.3 petabytes of data loaded every day. The federal government certainly has its share of formatted data. A recent survey showed that 80% of data collected by the federal government is unstructured. This is information like text files, videos, or emails that are stored in many formats. As a result, it isn't easy to store and manage. This has a real impact when an organization tries to take advantage of Artificial Intelligence. Today, we sit down with Andrew Churchill to discuss creating a solid data foundation for AI. We detail topics like data movement, data streaming, and data quality during the discussion. He differentiates between data lakes and data warehouses as strategies for handling all the unstructured data used for training AI models.  

Connect to John Gilroy on LinkedIn   https://www.linkedin.com/in/john-gilroy/ Want to listen to other episodes? www.Federaltechpodcast.com With public speaking, everyone has butterflies before they begin; instructors tell speakers to get them to fly in formation. When it comes to tools for cybersecurity, we have a similar situation – you may have End point Detection and Response, Extended Detection and Response, Managed Detection and Response, DR, XDR, MDR, Security Information and Event Management, and many others. ThreatQuotient was founded with the intention of making sure these disparate tools provide actionable information for federal agencies. During today’s interview with Craig Mueller, he takes us through context, customization, and collaboration that is needed in all federal agencies. The net result is the reduction in false positives and automation of the intelligence lifecycle. Criag Mueller brings up a topic that is rarely covered—air gapped systems.  Because of their deep understanding of the intelligence community, ThreatQuotient can provide services to agencies that use air-gapped networks.  

Connect to John Gilroy on LinkedIn   https://www.linkedin.com/in/john-gilroy/ Want to listen to other episodes? www.Federaltechpodcast.com   Ep 196 How to take a Federal Network Above and Beyond Today, we see our network being pushed and pulled in every direction: remote users demand access, millions of endpoints must be managed, and wireless networks abound. The Internet we use every day was designed for a much more humble requirement: essentially, bursts of communication between small entities. Our interview with Dan DeBacker from Extreme Networks will define these new requirements and how innovation can keep you up to speed. One of the best podcasts in Washington, DC, is “Feds at the Edge.”  It recognizes the rapid decentralization of systems, which has reached the point where some organizations are considering doing the “compute” aspect of the network at the edge. Let me state the obvious: a network that is not optimized will not allow speed to be efficiently achieved. Hybrid networks can increase complexity to the point where speed degenerates and opportunities for malicious actors can appear.  During the interview, Dan DeBacker details how methods and techniques can be applied to carefully examine a network and ferret out stealth networks and areas that can “leak” access. When a system is visible, it is easier to incorporate legacy networks and enhance connectivity between sites.

Connect to John Gilroy on LinkedIn   https://www.linkedin.com/in/john-gilroy/ Want to listen to other episodes? www.Federaltechpodcast.com  Federal technology leaders operate in a confusing world. On the one hand, they must grant access to data that is needed by users; on the other hand, they must comply with security requirements that severely restrict that access. Craig Mueller from Varonis offers a solution: efficient data management will ensure that all information will be carefully categorized to allow this razor’s edge of operation. The approach will allow for a concept called “complete coverage.” “Complete coverage extends to everything in the hybrid cloud as well as legacy systems. During the interview, Craig Mueller describes a concept called Data Security Posture Management. Essentially, this process allows for complete coverage, governance, and user analytics. Many do not realize that AI tools crawl a network and assemble as much as they can.  In a federal application, there may be information that is not categorized correctly and should not be allowed to be scanned.  This is a classic example of data that gives the ability to share too easily. Proper organization of data, both structured and unstructured, will all the balancing game of access and security to be deployed and scaled.  

Connect to John Gilroy on LinkedIn   https://www.linkedin.com/in/john-gilroy/ Want to listen to other episodes? www.Federaltechpodcast.com Our guest today is Jonathan Alboum, the Federal CTO for ServiceNow Federal. This interview should begin like Mission Impossible movies. “Jonathan, your mission, should you accept it, is to describe all the variations ServiceNow serves federal technology leaders. You have 25 minutes. This message will self-destruct in ten seconds.” This is an “impossible mission” because Service Now has customers in over one hundred agencies. It sure appears each instance is unique. One way to understand this “variation on a theme” is to look at the agenda for their annual conference. In March 2024, ServiceNow covered topics ranging from agile software development to forms to new vs. legacy applications. It is kind of hard to find a Gartner quadrant for ServiceNow. During the interview, Jonathan delves into one aspect of artificial intelligence and details the application of large language models and smaller large language models. Listen to the interview and consider it a “tasting menu” for efficiency, productivity, and integration concepts. Oh yes, it also dives into applied Artificial Intelligence.

Connect to John Gilroy on LinkedIn   https://www.linkedin.com/in/john-gilroy/ Want to listen to other episodes? www.Federaltechpodcast.com Everyone awake in biology class remembers the difference between a somatic and an autonomic nervous system. (Cheat sheet: You can control somatic, but the other kicks in without knowing.) What does this have to do with federal information technology? Today, we sat down with Dave Link, the founder of Science Logic, and he talked about how to manage complex federal systems. We all know in the early days, one could use a spreadsheet to update and patch most networks. However, today’s hybrid networks and supercharged cyber-attacks are throwing manual methods out the window. Dave Link suggests an automated approach that parallels human biology can be the answer. For example, he calls his system an “autonomic IT.”  A quick translation means that an agent can run in the background and examine the health of a network. It can evaluate and patch automatically, like the system that controls your heartbeat and respiration. When there is an issue, a sentient human can jump in. This may be like a human being moving out of the way of an oncoming bus. This person has an operating cardiovascular system; however, a human must alter survival. Listen to the interview to see how this human/technology parallel holds up.