Federal Tech Podcast: for innovators, entrepreneurs, and CEOs who want to increase reach and improve brand awareness

Want to make the most out of your next podcast appearance? https://content.leadquizzes.com/lp/fk1JL_FgeQ Connect to John Gilroy on LinkedIn   https://www.linkedin.com/in/john-gilroy/ Want to listen to other episodes? www.Federaltechpodcast.com It seems like everyone is testing AI options; however, when it comes to technology like Quantum, people seem to shy away. Today, we will attempt to clear up some of the questions listeners have about how to apply Quantum to federal problems. Our guest Murray Thom has been working with Quantum for years. Further, his company, D-Wave, has been in business for 25 years, has two hundred patents, and employs over two hundred subject matter experts. So, D-Wave is not a startup without any proven record. Murray sets the stage by setting up a contrast:  classical computing compared to quantum computing. Traditional computers allow for a limited number of answers, while a quantum computer is not limited to the binary nature of the way we have been using computers. Rather than diving into the philosophy and mathematics behind quantum, Murray looks at applications that can be boiled down to use cases. If you look at the millions of containers that enter the United States each year, you can understand the complex nature of logistics. Effective use of quantum can allow for reduced fuel consumption, faster delivery times, and happier customers. The federal government can apply this technology to areas like weather forecasting and even managing the 30,000 satellites that are projected to be circling the earth by 2030.

  Want to make the most out of your next podcast appearance? https://content.leadquizzes.com/lp/fk1JL_FgeQ Connect to John Gilroy on LinkedIn   https://www.linkedin.com/in/john-gilroy/ Want to listen to other episodes? www.Federaltechpodcast.com  = = = Fortinet’s Jim Richberg is a battle-tested veteran. His opinions are sought out in Congress and all over the world. Today, we sat down with Jim to assess the implications of the federal government using AI when it comes to cybersecurity. Jim likes to distinguish between two broad categories of AI: discriminative AI and Generative AI. Discriminative:  AI that can classify data but cannot generate it. From a cyber perspective, it can assess sentiment and image classification. It can alert when there is a potential threat. Generative AI:  produces results based on amalgamation of existing data. This can be text, music, and even designing images. There is a possibility that a Generative AI application can look at a network and generate a report finding vulnerabilities. So far, these have been defined, but the results have been few. Jim Richberg thinks federal organizations are being limited to not having standards in contract terms as they procure AI. One topic that many seem to overlook is the power requirement for AI. Some solutions include modifying chip design. But Jim cautions that it can take as long as five years to get a data center up and running while energy concerns are building daily. This is a fascinating discussion that includes Jim’s delineation of MDM of Misinformation, Disinformation, and Malinformation.

Want to make the most out of your next podcast appearance? https://content.leadquizzes.com/lp/fk1JL_FgeQ Connect to John Gilroy on LinkedIn   https://www.linkedin.com/in/john-gilroy/ Want to listen to other episodes? www.Federaltechpodcast.com  = =  Some estimates are that the federal government will have spent one trillion dollars before the end of September 2024. Federal contractors will be bombarded with opportunities; your bidding selection can make or break your company. The issue is balance.  If you respond to every solicitation, you won’t get to them all and the ones you complete may not be thorough enough to be the winner. One can always throw humans at the problem, but nobody has the staff to even read the solicitations. Today, Brooke Smith from Deep Water Point & Associates presents an option. He talks about the right way to bid and the wrong way to do it. Of course, a year you should have been ahead of the RFP process. However, some funding hasn’t been approved until late in the process. As a result, you will see new opportunities popping up. In order to eliminate contested awards, we may see task orders, GWACs, IDIQ, and even OTAs just to get work under contract before the end of the year. During this discussion, Brooke Smith details the role of automation that can help federal contractors use their limited time properly. They combine human experience with analysis of a company’s capabilities to help them select the projects that can yield the best results. This is a “must listen” to learn how to optimize how your company can respond to year end offerings.      

Want to make the most out of your next podcast appearance? https://content.leadquizzes.com/lp/fk1JL_FgeQ Connect to John Gilroy on LinkedIn   https://www.linkedin.com/in/john-gilroy/ Want to listen to other episodes? www.Federaltechpodcast.com  = = Congressman Gerry Connely maintains that that the platform is the solution; today, we discuss the topic of data strategy with Rob Carey of Cloudera. Rob begins by stating that when it comes to managing data, you need to consider what the outcome may be. For example, if you are assembling data on nuclear weapons, you need much more care than putting together traffic information. Some would say that this is the difference between serious data and a newly coined phrase “Everyday AI.” In other words, negligible risk decisions. This differentiation can assist in making budget decisions. Rob goes on to discuss the expanded attack surface. With all of today’s sensors and data centers, many agencies are starting to use “petabytes” to describe the amount of information they are ingesting. Companies like Cloudera can assist federal tech leaders by giving them a system where they can provide governance. For example, he describes an offering called Cloudera Security Governance Lineage. This provides a view of data from “soup to nuts.”  Allowing managers to profile data, clean the data, and provide lineage tracking. Federal agencies must not treat all data as being equal. Limited resources force systems administrators to view data from legacy systems, the hybrid cloud, and new sensors as part of a priority.

Want to make the most out of your next podcast appearance? https://content.leadquizzes.com/lp/fk1JL_FgeQ Connect to John Gilroy on LinkedIn   https://www.linkedin.com/in/john-gilroy/ Want to listen to other episodes? www.Federaltechpodcast.com John Kindervag is the father of Zero Trust; Greg Touhill is the general of Zero Trust; today, we sit down with Dr. Zero Trust, Chase Cunningham.  Dr. Chase Cunningham has a solid background for his opinions. He served in the military, has a PhD., five patents, and has written five books. We begin the discussion with praise from Randy Resnick, the Director of the DoD Zero Tryst Portfolio Management Office. The DoD is not the only federal area with large systems to concern themselves with. The challenge in making a transition to Zero Trust is extant in the civilian agencies. For example, LaMonte Yarborough from the HHS indicated he must manage systems to try to make a transition to Zero Trust. His Cunninham experience includes running a red team, so we pivoted the conversation about AI. Malicious actors or red teams can use AI-based tools like Dork GPT to create new ways to attack systems. Today’s far-ranging discussion oversees many topics that federal leaders would be interested in., including cybersecurity skills, compliance, and managing legacy systems. Technology periodicals all have headline articles on the lack of talent in the world of cyber security. Chase mentioned a school in Virginia called CyberNow Labs. It is a “trade” school that can prepare individuals quickly for a job stopping malicious actors. He mentioned several students are getting job offers before they leave. When the topic of quantum was introduced, comments were made that, from a cybersecurity perspective, it is wiser to concern yourself with basics like identity and patching rather than worrying about a future quantum event

Data Destruction?  Find out more about data destruction best practices for federal agencies here. https://securis.com/government-agencies/ Want to make the most out of your next podcast appearance? https://content.leadquizzes.com/lp/fk1JL_FgeQ Connect to John Gilroy on LinkedIn   https://www.linkedin.com/in/john-gilroy/ Want to listen to other episodes? www.Federaltechpodcast.com What happens to sensitive information on electronics when they are replaced? Most tech conversations today focus on the feats of Artificial Intelligence. Reports are generated, software is written, and predictions are made. However, few understand the e-waste implications of this tidal wave. To start with, AI requires an incredible amount of computational power. If you combine that fact with the typical computer refresh cycles then we have a growing situation where federal agencies hard drives and SSDs with sensitive information that must be disposed of properly. Sensitive information is not just stored on computers and networking equipment in data centers, we have it dispersed on tablets, mobile phones, laptops and even Navy ships. You may ask – how often does sensitive information get out? A recent study has shown that 40% of used computers purchased on popular ecommerce sites had personally identifiable information on them.    Governments and financial institutions have been embarrassed or fined for data breaches. Our conversation today is with “Sal” Salvetti from Securis. His company provides a service that can take end of life computers, phones and tablets and dispose of them in a secure and sustainable manner. Federal agencies have to comply with directives from GSA, DLA, NSA and NIST (800-88) around the proper disposal of end of life electronic devices. In the interview, we learn how Certified Secure Data Destruction Specialists (CSDS) from Securis can help your agencies comply with federal guidelines and protect national security. Many federal managers don't understand the full asset management lifecycle of hardware and the cyber security risks.   Don’t treat old computers like trash. The conversation provides best practices concerning when software can be used to wipe data and when devices or drives should be shredded. You will also learn why certifications from the National Association of Information Destruction (NAID AAA)  R2 are critical for ITAD (IT Asset Disposal) providers.  

 Want to make the most out of your next podcast appearance? https://content.leadquizzes.com/lp/fk1JL_FgeQ Connect to John Gilroy on LinkedIn    \https://www.linkedin.com/in/john-gilroy/ Want to listen to other episodes? www.Federaltechpodcast.com Donald Rumsfeld is famous for talking about the “unknown unknowns.” Well, today we will be a little more specific and focus on some “knowns.” Most listeners know that cyber threat companies regularly list vulnerabilities. Jay Wallace estimates VulnCheck alone has a list of 300,000 known threats. The Cybersecurity & Infrastructure Security Agency (CISA) decided to help federal agencies narrow down this list. They put together a list of vulnerabilities that were specific to federal networks. For example, if no federal agency ever uses “XYZ” software, why should a federal information professional care about it? It is not and will never be on their systems. The key to understanding the KVE is that CISA will not just put a vulnerability on a list and say, “Good luck.”  They will post a patch to remediate the problem. VulnCheck helps federal agencies with prioritization, proof of concept, and a community.  Prioritization For example, VulnCheck can assist in setting up priorities or these varying threats. Proof of Concept For example, during the interview, Jay Wallace mentions something called a Proof of Concept (PoC). VulnCheck can look like software combinations and determine if they can be a threat. Community Also, VulnCheck has an active community where these threats are discussed. Just this year, the VulnCheck community has been active in many areas, including making information about vulnerabilities consumed in a more palatable manner. Malicious actors know about vulnerabilities, and a responsible federal manager should become familiar with how to manage this vulnerability list.

Want to leverage you next podcast appearance? https://content.leadquizzes.com/lp/fk1JL_FgeQ Connect to John Gilroy on LinkedIn   https://www.linkedin.com/in/john-gilroy/ Want to listen to other episodes? www.Federaltechpodcast.com In baseball, one way to rattle an opponent hitter is to say, “Ya can’t hit what ya can’t see.”  Today, we see cyber-attacks at a pace beyond a human’s ability to detect; we must consider applying artificial intelligence and automation to meet the current threat. During the interview today, Palo Alto’s Erix Trexler outlines the correct approach for cyber defense. First, it is not enough to identify a threat. One needs to get the data, normalize it, and sort it quickly to have actionable intelligence. From there, actions can be taken to stop the attack. Brigadier General Greg Touhill (retired) was the first Federal Chief Information Security Officer. He once said if you prioritize everything, you prioritize nothing. Eric Trexler expands on this concept by emphasizing that each agency must have an effective strategy of prioritizing data, automating response, and then having a formal incident response in place. Erick suggests that artificial intelligence can provide abilities like anomaly detection, capacity prediction, threat intelligence and even data classification to be able to execute an effective strategy. Each agency has a varying level of cyber defense maturity. Eric emphasizes that a company with the resources of Palo Alto they can meet you where you are in your journey.  

The volume of cyber attacks on federal organizations has gotten to the level that traditional methods have lost their efficacy. If you merely react to an intrusion, the malicious actor has gotten what he wants and has left. Today, we sat down with Vinay Anand, the Chief Product Officer for a company called NetSPI. Back in 2001, they were founded to improve server, network, and application penetration services. Their initial offering of penetration testing has become so successful that it is being used by nine out of the top ten banks in the United States. Over the decades, they have learned that true security went beyond penetration testing. They had to take a more initiative-taking approach. For example, the attack surface back in 2001 was minuscule compared to what is happening today. Covid has encouraged remote access, sensors are everywhere, and cheap storage has allowed malicious actors the opportunity to place code in unimaginable places. A tech leader must be able to identify and protect the unknown. The first step is to protect the external-facing network and the internal network. The internal aspects can be controlled by tools classified as Cyber Asset Attack Surface Management analysis. The external system can be examined by an External Attack Surface Management system as well. That may be a terrific beginning, but this knowledge must be augmented while simulating an attack. NetSPI can assist an agency in developing an attack plan and narrative. That way, they can understand their risk profile and optimize methods to recover from an attack. During the interview, Vinay Anand gives a terrific overview of the development of different methodologies behind system protection.  Want to leverage you next podcast appearance? https://content.leadquizzes.com/lp/fk1JL_FgeQ Connect to John Gilroy on LinkedIn   https://www.linkedin.com/in/john-gilroy/ Want to listen to other episodes? www.Federaltechpodcast.com

Ep. 162 Managing Kubernetes can Increase Security and Reduce Cost The military likes to use the phrase “situational awareness.”  Of course, it is important in an anticipated conflict; it can also apply when managing complex federal IT systems. For example, we have seen federal systems move to the cloud. This transition allows for more flexible ways to manage applications, especially with units that can include code, commonly called containers. However, the ease of scale with this cloud environment means that we are presented with challenges in managing these containers. Kubernetes was developed to offer a limited solution for managing replication, load balancing, and scheduling. However, Kubernetes has limitations. Today, we sit down with Dan McGuan from Rancher Government Solutions. During the interview, he describes how they has worked with many agencies over the years to help them with the complex management of virtual systems. For example, we see malicious actors targeting containers. Basic Kubernetes was not designed for cyber protection. Dan McGuan describes how they have worked with Mitre to design a hardening guide for Kubernetes. Another example is controlling energy consumption. Some have described ships in the U.S. Navy as “floating data centers.”  Every data center has a challenge with energy consumption. Rancher Government Solutions is collaborating with companies like nVidia to present solutions that drastically reduce energy consumption in limited environments like warships. Managing a complex abstract environment can yield more security, more control over data, and reduce infrastructure costs.   Want to leverage you next podcast appearance? https://content.leadquizzes.com/lp/fk1JL_FgeQ Connect to John Gilroy on LinkedIn   https://www.linkedin.com/in/john-gilroy/ Want to listen to other episodes? www.Federaltechpodcast.com