Best listening experience is on Chrome, Firefox or Safari. Subscribe to Fed Tech Talk’s audio interviews on Apple Podcasts or PodcastOne.

After a decade of prodding and an adventure with COVID-19, it looks like the federal government is making the transition to the cloud. Dynatrace has surveyed 300 federal information technology professionals to talk about their challenges in moving to the cloud.

Willie Hicks is the federal CTO at Dynatrace. He joined host John Gilroy on this week’s Federal Tech Talk to discuss the survey and its findings. From an overview perspective, it looks like the cloud acceleration is taking place but the movement to artificial intelligence seems to be much slower to be adopted.

Hicks thinks that users are not sure of the exact application for artificial intelligence. He states that observability of an entire system can be provided when artificial intelligence is used appropriately. This means that malicious code, like Log4Shell, can easily be identified and remediation can be begun.

The Department of Veterans Affairs is looking at moving over 300 apps to the cloud by 2024. Hicks is focused on this as an example of how to set priorities. He suggests that taking network visibility to the next level, which Dynatrace calls “observability,” will allow federal managers to automate systems. This automation will allow for around-the-clock awareness and control. This will reduce costs and improve awareness of malicious actors in federal networks.

Best listening experience is on Chrome, Firefox or Safari. Subscribe to Fed Tech Talk’s audio interviews on Apple Podcasts or PodcastOne.

This week on Federal Tech Talk, host John Gilroy speaks with Patrick Sullivan, chief technology officer of Security Strategy at Akamai Technologies. He will give listeners a well-respected opinion on applying zero trust to federal information technology.

The discussion began by contrasting network segmentation to micro-segmentation. This is an essential prelude before beginning the conversation about zero-trust architecture. One way Sullivan describes the benefits of micro-segmentation is that it limits the “blast radius” of a cyber attack.

He draws a parallel with ship construction. Independent parts are designed to survive autonomously if there is an attack. The same applies to a cyber attack: micro-segmentation will limit the damage to a specific, defined area.

Sullivan also suggests that concepts like “orchestration” and automation will enable systems administrators. There is no way a person can manually configure a system into microsegment without taking advantage of automation capability.

Probably the highlight of the interview was the observation that the path to zero trust is not a “one size fits all.” Every federal agency varies with legacy systems and current migration. A customized approach that is based on compliance and best practices for deploying zero trust.

Best listening experience is on Chrome, Firefox or Safari. Subscribe to Fed Tech Talk’s audio interviews on Apple Podcasts or PodcastOne.

Everyone reading this has heard of the 90-year-old brand, Motorola.  Motorola Solutions provides mission critical communications for many federal agencies.  This is especially true for agencies whose mission includes activities at the edge.

Joe Balchune is the vice president and general manager of Federal Markets at Motorola, and he joined host John Gilroy on this week’s Federal Tech Talk to explain what Motorola Solutions means to the federal audience.

Today’s federal technology professional recognizes the benefits of moving to the cloud.  This includes on demand self-service, rapid elasticity, and resource pooling. The differentiator for Motorola Solutions is its ability to integrate with cloud services to provide communication to any device on any network.

During the interview, Balchune compares traditional Land Mobile Radio (LMR) networks and Long Term Networks (LTE). Years of experience allows his company to leverage the cloud for improved public safety, law enforcement, and national defense.

One example he gave is the ability to incorporate car mounted video and even body mounted video into a network solution that provides the maximum in visibility possible.

Best listening experience is on Chrome, Firefox or Safari. Subscribe to Fed Tech Talk’s audio interviews on Apple Podcasts or PodcastOne.

Here in February of 2022, we have seen a sea change in the world of software development and the Defense Department. Perhaps it is because John Sherman was confirmed as the chief information officer, or it was the phase of the moon. No matter the cause, we have seen solid changes in the way Cybersecurity Maturity Model Certification is structured as well as a statement from Kathleen Hicks on software modernization.

It looks like DoD is all in on improving its software development process. The document includes carefully worded phrases like, “reasonable number of service providers,” and “disparate cloud portfolio.”

Vimesh Patel is the chief technology advisor for WWT. He joined host John Gilroy on this week’s Federal Tech Talk to discuss the challenges of software modernization for the federal government. Patel has decades of experience working for an intelligence agency and he applies that background to understand these challenges.

During the interview, he looks at all these newsworthy events and puts them in perspective. He examines topics like Zero Trust, artificial intelligence, and incorporating testing into software development.

This means if the person is sitting at a desk in the Pentagon or the field. Patel suggests that all this effort in streamlining technology, automation, and leveraging technology serves one purpose only: To improve service to the warfighter.

Best listening experience is on Chrome, Firefox or Safari. Subscribe to Fed Tech Talk’s audio interviews on Apple Podcasts or PodcastOne.

Testing has always been looked at as the red-headed stepchild of software development. Traditionally, the newest person on staff would be charged with the tedious and unrewarding task of testing code. In today’s conversation, we will examine the concept that testing can save money and increase speed in the software development life cycle.

Tim Odom is the director of Business Technology Solutions Development at Vidoori. He joined host John Gilroy on this week’s Federal Tech Talk to discuss the value of high-performance testing. During the interview, Odom gives many examples where incorporating a centralized approach will benefit enterprise organizations. He talks about “synthetic” data. This can be considered as an alternative to real-world data. This is ideally used in a testing environment to assess whether code works, is compliant, and is structured for future changes.

Odom’s company, Vidoori, has launched a center for excellence that has a focus on how to apply testing to reduce costs for software development.

One essential concept that Tim underscores is, when applied correctly, testing can make leaders take the initiative in addressing issues that concern dependencies and integration. One example he uses is if a federal agency moves to the cloud and wants to move back on-premises. The informal term for this is “Data Repatriation.”  More common than many think, cloud service providers may not be a perfect fit for every federal situation.

Moving back on-site does not entail a lift and shift. It will entail a careful look at where the cloud-based system will fit into the original system.

Testing is not very stylish, not trendy, but can give a federal leader assurance in completing a major task on time and under budget.

Best listening experience is on Chrome, Firefox or Safari. Subscribe to Fed Tech Talk’s audio interviews on Apple Podcasts or PodcastOne.

This week on Federal Tech Talk, host John Gilroy speaks with Duncan Jones, head of Cybersecurity, and Tom Benjamin, president at Cambridge Quantum North America. They will discuss quantum computing and federal information technology.

There seems to be much interest in this topic in the federal government. In fact, in 2018 the federal government launched the National Quantum Initiative. The Department of Energy is investing $63 million in quantum computing.

It is not just the brainiacs at Los Alamos and Livermore Laboratory. On Dec. 7, 2021, in a survey of 104 federal respondents, 76% believe modern technologies will break standard encryption. Further, 57% believe it will happen in the next two years. Experts suggest that quantum technology will enable this breakthrough.

The hardest part is trying to get an understanding of quantum computing. Jones gives an overview. He posits classical computing operates in the binary world off ones and zeros. The answers fall neatly into one bucket or another. Quantum theory postulates multiple results.

Benjamin suggests that quantum knowledge can be applied to concepts beyond cryptography. The three accepted areas are communications, computing, and metrology. He also points out that understanding massive data sets can assist in FEMA structuring a response. When it comes to accurate timing, quantum can assist in making the timing precise for communications in satellites.

The federal government understands the impact quantum will have, and companies like Cambridge can provide solutions that can be evaluated today.

Best listening experience is on Chrome, Firefox or Safari. Subscribe to Fed Tech Talk’s audio interviews on Apple Podcasts or PodcastOne.

This week on Federal Tech Talk, host John Gilroy spoke with Bob Stevens, Area VP of Public Sector at GitLab. Stevens described the entire process of the software development life cycle and provided guidelines on ways to incorporate testing in all aspects of project completion.

The problem was recognized back in 2005 when the creator of Linux, Linus Torvald, correctly diagnosed the problem with several people working on one large software project. There was no way to track changes. He produced an open-source solution called “Git.”

One concern was different teams would be using a variety of tools for a project. It is quite possible that each person may be using a different version of a tool, leading to chaos in the final project.

Agile software development was a significant boost to the concept of source code management. Some federal studies show 60% of federal agencies are using an iterative approach to software development.

Finally, Covid-19 has pushed developers to work remotely, and a system that manages the entire project has been proven to be successful in many agencies.

GitLab provides a platform for enterprise-level source code management. During the interview, Stevens uses example after example of how an organization can increase velocity visibility while, at the same time, building in security to the entire process.

Best listening experience is on Chrome, Firefox or Safari. Subscribe to Fed Tech Talk’s audio interviews on Apple Podcasts or PodcastOne.

Making the transition to the cloud is difficult in the commercial world and much more difficult in the federal workplace. One issue that concerns both is allowing access to data. Immuta has a hard-earned reputation for working with the Intelligence Community to assist them with the complicated world of controlling access.

Immuta is sharing cloud data access control to civilian and military agencies of the federal government. Nancy Patel is the general manager, Public Sector and Danny Holloway is the Public Sector Field chief technology officer at  Immuta. They joined host John Gilroy on this week’s Federal Tech Talk to share methods to overcome some of the typical access-control issues inherent in applying zero trust principles to enterprise-level applications and data.

The federal government suffers the same issues as commercial managing data access when it comes to the cloud: Old infrastructure, loss of control, resistance to change, and trust. Patel has decades of working with extremely sensitive information. She observes that the proliferation of data and its constant change will force federal administrators to consider automating the policies for data access.

Holloway differentiates between Role-Based Access Control and Attribute-Based Access Control, especially in federal applications. He suggests that ABAC is the preferred method to tell administrators what was accessed, when it was accessed, by whom, and for what purpose.

Best listening experience is on Chrome, Firefox or Safari. Subscribe to Fed Tech Talk’s audio interviews on Apple Podcasts or PodcastOne.

The federal government needs to increase the speed of software innovation to bring key services to our citizens as well as capabilities to our warfighters.

Cloud, Cloud Native development, and open-source software are key to innovation, but modern technology presents new cybersecurity risks.  Cybersecurity needs to be an enabler, not a blocker to new capabilities.

Kurt Greening, Leader Public Sector, Public Cloud, Palo Alto Networks, joined host John Gilroy on this week’s Federal Tech Talk to discuss how innovations from his company are helping federal IT officials address some of these issues.

During the interview, Greening referred to a free cloud threat research report from Unit 42 by Palo Alto Networks that showed 63% of third-party code templates used to build cloud infrastructure contained insecure configurations. Further, 96% of third-party container applications deployed in cloud infrastructure have known vulnerabilities.

The speed of innovation in the cloud is staggering, and it can be difficult to manage an increasingly complex set of dependencies. With all these variables, there is a higher chance of misconfiguration.

To address those concerns, Palo Alto Networks has invested $1.1 billion in research and development in 2021 alone. The company has acquired and integrated 17 acquisitions into a comprehensive platform that helps agencies implement zero trust architectures.

Best listening experience is on Chrome, Firefox or Safari. Subscribe to Fed Tech Talk’s audio interviews on Apple Podcasts or PodcastOne.

Danny Jenkins, CEO, and co-founder of ThreatLocker joined host John Gilroy on this week’s Federal Tech Talk to give his perspective on cybersecurity for federal information technology.

The beginning of the interview focused on the issues brought up by the Log4j incident. CISA Director Jan Easterly has said Log4j is “The most serious vulnerability I have ever seen in my decades-long career.” Jenkins said that many free tools are available to manage open-source software, and this is an example of one of them.

The concern he has is that it has already been installed in hundreds and hundreds of servers, and it will take months, or years, to understand the ramifications of this attack.

One approach he suggests is to have automated controls over federal applications and storage. That way, if malicious code is injected into your system, you can have a method to detect where it has embedded itself.

Jenkins introduced the concept of “ring-fencing” to the discussion. The term originated on the farm — the idea was to build a barrier to protect animals. The financial industry took the term and applied it to isolating assets to protect them from risk. As applied to the world of information security, ring-fencing considers risk management when allowing access to data and other digital resources.

Best listening experience is on Chrome, Firefox or Safari. Subscribe to Fed Tech Talk’s audio interviews on Apple Podcasts or PodcastOne.

This week on Federal Tech Talk, host John Gilroy interviewed Gil Vega, chief information security officer for Veeam. He brought a great perspective on data protection for the federal government.

His first observation was that if a federal information technology manager is not managing cybersecurity incidents, then they are simply not seeing them. The point is that networks today are compromised. Malicious actors are relentless and if you are not constantly on guard, your system will be attacked.

When it comes to backups, they have no value for any enterprise system if ransomware has place code that is dormant in the middle of the backup.  One approach that ransomware can take is to first go after the backups.  Then, when an organization refuses to pay the ransom and restores, they will be saddled with the same attack.

The idea is to invest in a backup system that constantly looks for new code variations and checks your backups for anomalies. Continuous data protection means scanning the current system as well as your backups.

Vega also described something called polymorphic attack.  This is an incident where two separate sets of code are placed on a network, they combine and form a separate signature. System administrators must think about the constant changes that take place in today’s world.

We also finally got a good differentiation between backup, replication, and storage snapshot.

Best listening experience is on Chrome, Firefox or Safari. Subscribe to Fed Tech Talk’s audio interviews on Apple Podcasts or PodcastOne.

CMMC is a certification program for the companies that provide goods and services for the DoD. I began in 2019 and got a lot of media attention until the end of 2020. For several months, the DoD has been quiet about CMMC, and in November of 2021, we have seen a lot of activity with revisions on the initial program.

Some have called this CMMC 2.0. It has substantial changes, including going from five levels to three levels and bringing back the idea of correcting deficiencies through a Plan of Action and Milestone ability.

Some think that the initial CMMC requirements were burdensome for small companies, and the changes are a response to reactions from that community. If innovation comes from smaller companies, would CMMC security mandates remove that source of creativity?

Michael Speca is the president of Ardalyst and he joined host John Gilroy on this week’s Federal Tech Talk to give an update on the CMMC initiative from the Department of Defense.

Speca gives his opinion on the change. He has a good perspective because Ardalyst works with a wide variety of companies in compliance.

During the interview, Michael Speca talks about the changes in levels of CMMC compliance as well as the changing role of the CMMC Third Party Assessment Organizations.

Best listening experience is on Chrome, Firefox or Safari. Subscribe to Fed Tech Talk’s audio interviews on Apple Podcasts or PodcastOne.

It will be no surprise to a federal IT leaders to read the study from Deltek where they project $2.1 billion to be spent on cloud services in 2022. Also, no look of shock when Jason Miller reports that the typical federal agency used seven different cloud services.

The shock comes when new technology approaches force an agency to get a grasp on managing this deluge of data. Today’s data could be generated from automated systems, sensors in the ocean, or even a mere mortal. A lighthearted way to look at classifying today’s data is structured, unstructured and unexpected.

Bill Wright is the senior director of North American Government Affairs at Splunk and he suggests that getting a handle on machine data can provide the leverage that federal technology leaders need to ingest, monitor, analyze and search that data.

Wright joined host John Gilroy on this week’s Federal Tech Talk and talked about malicious code that burrows into these large data sets and waits for years to become active. He reviews some of the federal initiatives to prevent this ability to sit in a system for a long time without being detected.

You will also hear Wright’s opinion on whether the Cybersecurity Executive Order will create an environment where agencies can increase cyber hygiene.

Best listening experience is on Chrome, Firefox or Safari. Subscribe to Fed Tech Talk’s audio interviews on Apple Podcasts or PodcastOne.

Most folks think of Oracle and massive data bases, but this week on Federal Tech Talk, host John Gilroy and his guest, Mark Johnson, focused on the challenges federal information technology people have in transitioning to the cloud.

Johnson is vice president of Federal Cloud at Oracle. He has an extensive background as a test pilot, so the concept of risk management is in his DNA. Starting from this point of view, Johnson looked at several issues that federal IT managers have to consider.

He described some of the key differentiators among the primary cloud service providers. Rather than delving into a technical discussion of the number of terabytes in a node, Johnson talked about how the Oracle Cloud assists with compliance and speed for federal projects.

One capability that Oracle can provide is to remove concerns with moving a stack from on premises to the cloud. An agency doesn’t have to worry about system degradation, the transition can be flawless.

A strong cloud service provider like Oracle is transparent when it comes to fees, especially ingress and egress fees. This model allows federal leaders to plan and allow them to shift money to other areas. One observation Johnson made was about the cost of refactoring when cloud transitions are being considered.

Best listening experience is on Chrome, Firefox or Safari. Subscribe to Fed Tech Talk’s audio interviews on Apple Podcasts or PodcastOne.

This week on Federal Tech Talk, Dan Graves, chief technology officer at Delphix, joined host John Gilroy to explain why Delphix is one of the best kept secrets in Silicon Valley.

Over the past few years storage has gotten cheap and there has become a fusion of data sources. It seems like we have advanced dramatically in the way we collect and store information yet have serious challenges when it comes to managing that diverse data set.

For example, a federal agency may have to pull data from an old IBM mainframe, a proprietary system, or even a hybrid cloud. Once they create an amalgamated data set, they are subjected to a classic “push-pull.”

Leaders know they have a responsibility to make sure that data complies with strictures of federal compliance. At the same time, the agency will have data scientists demanding access to all aspects of that data, as soon as possible.

During the interview, Graves suggested that a concept called “masking” can assure federal leaders that no personal information is released while allowing analysts to draw meaning from massive amounts of information.

Another concept Graves explained was the idea of referential integrity. When a federal agency draws from a wide range of sources, they can be assured all its references are valid.