Tech Transforms: More Than Meets the Eye. Global technology is changing the way we live. Critical government decisions affect the intersection of technology advancement and human needs. This podcast talks to some of the most prominent influencers shaping the landscape to understand how they are leveraging technology to solve complex challenges while also meeting the needs of today's modern world.
Jason Miller is the Executive Editor of Federal News Network and has covered the federal technology space over the course of five Presidential administrations. He brings his wealth of knowledge as he joins Tech Transforms to talk about AI, the top things government agencies are working towards this year and his predictions around FedRAMP changes. Jason also pulls on his decades of experience as he discusses events that changed the nation's approach to cybersecurity and the longstanding need to have data that is better, faster and easier to use.

Key Topics
00:00 AI's impact on texting and cloud's significance.
04:17 Federal Enterprise Risk Management in government tech.
07:20 AI trends shifting toward real-time application.
11:22 2025 and 2027 deadlines for zero trust.
13:31 CISOs and CIOs adapting to modern technology.
16:45 Frustration with FedRAMP leads to reform efforts.
21:39 Applying similar model to expand decision-making.
23:37 GSA discussed OSCAL at private industry day.
27:55 CISA's role has grown within DHS.
30:33 Increased transparency in cybersecurity changed approach significantly.
34:17 Reflecting on the 2006 significance of data.
39:19 AFCEA events bring together good people.
42:53 Fascination with government architecture and dedicated government workers.
44:35 Promoting positivity and accountability in government industry.

Cybersecurity Evolution: Examining Technology's Political Neutrality and AI Commitment Through Administrative Changes

Consistent Focus on Cybersecurity Evolution Across Political Administrations

Jason expressed a clear conviction that technology issues are largely immune to political fluctuation and are a continuity in government agendas. Reflecting on his experience across five administrations, he noted that the foundational technological discussions, such as cloud adoption, cybersecurity enhancement and overall IT improvement are fundamentally preserved through transitions in political leadership.
He highlighted that the drive to enhance government IT is typically powered by the resilience and dedication of public servants, who generally carry on valuable reforms and initiatives regardless of the sitting administration's politics. These individuals are essential to sustaining progress and ensuring that technology remains a key priority for effective governance.

Federal IT Policies Consistency: "No one comes in and says, I'm against AI, or cloud is bad, move back on premise, or cybersecurity, defund cybersecurity. I think those are the issues that stay the same." — Jason Miller

Executive Orders and AI Adoption

Addressing the specifics of executive orders, particularly those influencing the implementation and development of artificial intelligence (AI), Jason examined their historical persistence and their potential to shape operational practices in the government sector. He and Mark discussed how the stability of AI-related orders through various administrations is indicative of a broader governmental consensus on the integral role AI holds in modernizing federal operations. Despite changes in leadership, the incoming officials frequently uphold the momentum established by their predecessors when it comes to leveraging AI, indicating a shared, bipartisan recognition of its strategic importance to the government's future capabilities and efficiencies.

Cybersecurity Evolution: Zero Trust Principles and Network Security Challenges in Federal Agencies

Zero Trust and Cybersecurity Budgeting

During the podcast, Carolyn and Jason delve into the current trends and expectations for federal cybersecurity advancements, with a particular focus on zero trust architecture. Their discussion acknowledged that agencies are on a tight schedule to meet the...
Can you spot a deepfake? Will AI impact the election? What can we do individually to improve election security? Hillary Coover, one of the hosts of the It's 5:05! Podcast, and Tracy Bannon join for another So What? episode of Tech Transforms to talk about all things election security. Listen in as the trio discusses cybersecurity stress tests, social engineering, combatting disinformation and much more.

Key Topics
04:21 Preconceived notions make it harder to fake.
06:25 AI exacerbates spread of misinformation in elections.
11:01 Be cautious and verify information from sources.
14:35 Receiving suspicious text messages on multiple phones.
18:14 Simulation exercises help plan for potential scenarios.
19:39 Various types of tests and simulations explained.
23:21 Deliberate disinformation aims to falsify; consider motivation.
27:44 India election, deepfakes, many parties, discerning reality.
32:04 Seeking out info, voting in person important.
34:18 Honest cybersecurity news from trusted source.
38:33 Addressing bias in AI models, historic nuance overlooked.
39:24 Consider understanding biased election information from generative AI.

Navigating the Disinformation Quagmire

Dissecting Misinformation and Disinformation

Hillary Coover brings attention to the pivotal distinction between misinformation and disinformation. Misinformation is the spread of false information without ill intent, often stemming from misunderstandings or mistakes. On the other hand, disinformation is a more insidious tactic involving the intentional fabrication and propagation of false information, aimed at deceiving the public. Hillary emphasizes that recognizing these differences is vital in order to effectively identify and combat these issues.
She also warns about the role of external national entities that try to amplify societal divisions by manipulating online conversations to serve their own geopolitical aims.

Understanding Disinformation and Misinformation: "Disinformation is a deliberate attempt to falsify information, whereas misinformation is a little different." — Hillary Coover

The Challenges of Policing Social Media Content

The episode dives into the complexities of managing content on social media platforms, where Tracy Bannon and Hillary discuss the delicate balance required to combat harmful content without infringing on freedom of speech or accidentally suppressing valuable discourse. As part of this discussion, they mention their intention to revisit and discuss the book "Ministry of the Future," which explores related themes, suggesting that this novel offers insights that could prove valuable in understanding the intricate challenges of regulating social media. There is a shared concern about the potential for an overly robust censorship approach to hinder the dissemination of truth as much as it limits the spread of falsehoods.

The Erosion of Face-to-Face Political Dialogue

The conversation transitions to the broader societal implications of digital dependency, specifically addressing how the diminishment of community engagement has led individuals to increasingly source news and discourse from digital platforms. This shift towards isolationistic tendencies, amplified by the creation of digital echo chambers, results in a decline of in-person political discussions. As a result, there is growing apprehension about the future of political discourse and community bonds, with Hillary and Tracy reflecting on the contemporary rarity of open, face-to-face political conversations that generations past traditionally engaged in.

The Shadow of Foreign Influence and Election Integrity

Challenges in India's Multiparty Electoral System

In the course of the discussion, the complexity of India's...
Deborah Stephens, the Deputy Chief Information Officer for the United States Patent and Trademark Office (USPTO), “grew up,” so to speak, in the USPTO. Deborah led the USPTO on its agile journey. As the agency took on its “New Ways of Working,” by moving people and resources closer to the work, she helped empower employees to build and deploy software. Deborah shares how she guided the agency through this 4-year change journey, gaining buy-in from the organization, which was proved by an engagement rate increase from 75% to 85%. Deborah also talks about what it means to be a HISP, running USPTO as a business that is entirely self-sustaining, and, in honor of Women's History Month, the women who have inspired her along the way.

Key Topics
05:54 Some embraced digital change, others struggled with it
08:53 Most employees were ready for telework
10:59 USPTO shifts to agile approach for IT
16:41 Gathering feedback led to 10% engagement increase
23:50 Customers submit 600,000+ patent and trademark applications yearly
26:51 Agency conducts outreach through webinars and trademarks
31:06 Customer experience and UX processes are fundamental
33:45 USPTO offers different fee structures for entities
35:30 USPTO runs efficiently with prioritization and budgeting
39:43 Acknowledging strong women, personally and professionally
43:21 Seek guidance and practice for success

Growth in Patent and Trademark Requests

Surge in Applications at USPTO

Deborah Stephens highlights a significant increase in the number of patent and trademark applications received by the USPTO over the years. This growth, from approximately 350,000 to 400,000 applications in 2012, with numbers continuing to rise, underscores the vibrant culture of innovation and creativity in the United States. The upward trend of applications is a positive sign of the country's ongoing commitment to innovation. However, it also presents logistical challenges for the USPTO, including the need to process a higher volume of applications efficiently while ensuring the quality of examination does not diminish.

Transition to New Ways of Working in U.S. Patent and Trademark Office: "And so in around late 2018, 19, we began our, what we referred to as our agile journey. We named it our New Ways of Working, which essentially is an entire USPTO effort. Including our business unit with 12 other business units, moving people and the resources closer to the work. Giving them that empowerment, to build, deliver, deploy software, product services for our business stakeholders, and that's both internally and externally." — Deborah Stephens

USPTO is Adapting to Increased Demand

In response to the growing demand for intellectual property protection, the USPTO has been proactive in seeking ways to maintain and improve service delivery. Deborah discusses the agency's approach to managing the influx of applications, focusing on scalability and efficiency. Despite the challenges posed by the increase in applications, the USPTO's designation as a High Impact Service Provider (HISP) has had minimal impact on its existing customer experience strategy. The agency's foundational commitment to delivering exceptional service to inventors and entrepreneurs remains steadfast, with an emphasis on continuous improvement and the adoption of new strategies to better meet the needs of the U.S. innovation community.

USPTO's Fee-Funded Model and Fiscal Strategy

USPTO's Fee-Funded Operations

Deborah highlights the United States Patent and Trademark Office's (USPTO) operational model, which is uniquely self-sufficient, relying entirely on fees collected from patent and trademark applications.
As technology rapidly evolves, we as a nation need to anticipate the attacks that may come about as a result of that innovation. Travis Rosiek, the Public Sector CTO at Rubrik and former Leader at the Defense Information Systems Agency (DISA), joins Tech Transforms to talk about how the government's approach to technology and relationship with industry has evolved over the last twenty years. He also discusses compliance, including FedRAMP compliance, managing the vast amount of data that is generated daily across the government and industry, and the importance of the U.S. Government building cyber resilient systems. Catch all this and more on this episode of Tech Transforms.

Key Topics
00:00 Government fielded and tested tech capabilities, explained compliance.
05:23 Enhanced security collaboration, compliance, and risk minimization.
09:14 Experience in government and commercial capabilities. Innovation.
10:12 Commercial companies prioritize profitability over long-term planning.
14:38 Challenges in public sector recruiting and retention.
18:49 Outsourcing SaaS applications frees up resources. AI evolving, human input remains essential.
22:33 Assessing incident response: Operational evaluation, not just compliance.
25:57 Vendors and program office face process challenges.
29:46 Secure cloud data access: visibility, risks, controls.
32:27 Emphasizing need for security in IT systems.
36:44 CISOs face challenges in evolving tech landscape.
38:11 Support CISOs, recruit and retain talent, accountability.

Evolving Cybersecurity Practices: A Shift to 'Cloud Smart' Strategies

Travis's Perspective on Cloud Misconceptions

Travis discusses the early days of cloud adoption, which were often fueled by misconceptions about its benefits. The migration toward cloud computing was commonly believed to be a cost-effective solution that would reduce expenses and simultaneously enhance security. However, he points out that this was not always the case.
Many organizations have since realized that the initial cost of moving to the cloud can vary greatly based on specific use cases and applications. This realization has led to a strategic shift toward what Travis refers to as a "cloud smart" approach, highlighting the need for a more discerning and tailored evaluation of how cloud resources are utilized.

The Role of Commercial Companies vs. Government in Problem-Solving: "Industry is great about solving problems. You know, driving that capitalism type of culture, building capabilities, selling solutions. And they're quicker to implement, adapt and deploy capabilities where the government is very slow in implementation of these you know, they can figure out the problem." — Travis Rosiek

The 'Cloud Smart' Strategic Approach

Taking a "cloud smart" approach indicates a maturation in the perception of cloud services by government agencies and businesses alike. Rather than a blanket strategy of cloud-first, Travis indicates that there is now a more nuanced consideration of when and how to use cloud services. He underscores the importance of aligning cloud adoption with an organization's unique needs, including the potential scalability, security and cost implications. This approach suggests a collaborative and informed decision-making process, recognizing that the cloud offers a variety of solutions, each with different features, advantages and trade-offs that must be carefully weighed against organizational goals and objectives.

Navigating Cybersecurity Practices in Cloud Migration

The Balance of Technical and Non-Technical Implications in Cloud Migration

Travis discusses the intricacies involved in organizational cloud migrations, emphasizing that these undertakings are not solely about technological transitions but...
Sebastian Taphanel has spent his life on the cutting edge of technology and innovation. This week on Tech Transforms, Sebastian is sharing tales and lessons learned from his 20 years in DoD Special Ops and intelligence and 20 years implementing sound security engineering practices focused on implementing zero trust and highly resilient environments. Join Sebastian as he recounts his time in Special Forces taking his units out of the dark ages from secure fax communications to setting up an intranet, and how he continued with that innovative spirit through his 40-year career. He also shares his new passion, encouraging the industry to utilize disabled veterans to help fill both the cybersecurity and AI workforce gaps. They, after all, already have a call for the mission.

Key Topics
03:38 ODNI CIO responded quickly with Microsoft Azure.
07:03 Protecting data via application container, expanding capabilities.
11:01 Zero Trust redrawn cybersecurity model, data-centric approach.
13:57 Developing zero trust plan for downstream organizations.
18:50 Ensuring security while sharing information and protecting IP.
21:35 APIs, containers enable fluid, flexible data access.
24:20 Data protection systems allow secure sharing and storage.
27:02 Addressing cybersecurity workforce gap and AI need.
29:39 In 1998, new commander requests secure WAN.
33:49 Applied for certified protection professional, highest security certification.
36:28 Passionate about supporting disabled vets in cybersecurity.
39:55 Mentoring government employees for cybersecurity and AI/ML.
45:32 Using advanced generative AI solutions for copywriting.
47:19 Update cybersecurity tools and systems for new threats.
49:50 Respect for those dedicated to automation.

Enhancing Secure Communication and Cloud Environments in Special Ops

Special Ops Agility: Adapting to Remote Collaboration with Secure Cloud-Based Workspaces

Sebastian Taphanel's experience spans twenty years in DOD Special Ops and Intelligence, followed by consulting in security engineering. The focal point of this episode is his role in advancing cybersecurity practices at the ODNI, particularly emphasizing resilient cloud-based environments.

Sebastian describes the quick adaptation during the pandemic which led to the rollout of an ad hoc cloud-based workspace to ensure the ODNI's mission could endure despite the workforce being remote. GCC High, or Government Commercial Cloud High as conceived by Microsoft, is revealed as the successor to the initial setup, providing a more secure platform managed strictly by U.S. persons. The approach highlighted the agility of cloud technology for remote collaboration within federal agencies.

Cybersecurity in Intelligence Sharing: "Essentially, reciprocity is a process and also a culture of accepting each other's risks. And that's really the bottom line on all that." — Sebastian Taphanel

Unfolding the GCC High Environment

The intricacies of implementing Microsoft Azure and M365 (Office 365) are detailed as Sebastian underlines their pivotal use in creating an intranet with controlled document sharing and editing. These implementations include robust Mobile Device Management and a BYOD Mobile Application Management system that protects sensitive data in government and personal devices, thereby ensuring operational security and flexibility.

Special Ops Communication Evolution

Sebastian advanced from using secure faxes for interstate communication within military units to establishing a multi-state secure WAN. This resulted in a significant leap in communication efficacy for special operations. Sebastian shared the...
The real question is, what doesn't Dr. Amy Hamilton do? She's currently the visiting Faculty Chair for the Department of Energy (DOE) at National Defense University and the DOE Senior Advisor for National Cybersecurity Policy and Programs, and has had previous stops in the U.S. Army Reserves, NORAD and U.S. European Command, just to name a few. At National Defense University, Amy draws on all of this expertise to educate the workforce on AI and finding the right balance between automation and workforce training. Amy also explores how she teaches her students that cybersecurity has to be more than a 9-5 job, the balance of security vs. convenience, and how it will take the entire country getting on board to make the implementation of cybersecurity best practices truly possible. In this episode, we also dive into the realm of operational technology and the need to look to zero trust as we allow more smart devices into our lives and government ecosystems.

Key Topics
00:00 Importance of training, education and AI integration.
06:52 Cybersecurity, AI and building codes challenges.
09:47 Nuclear facilities need caution, open labs innovative.
11:58 Helping students understand federal government and cybertech.
15:37 Cyber college compared to traditional university programs.
17:18 National Defense University offers master's degree programs.
22:06 Addressing the urgent need to combat intellectual property theft.
24:32 Passionate plea for cybersecurity vigilance and dedication.
26:40 Using automation to streamline cybersecurity operations and training.
32:06 Policy person struggles to tie guidance together.
33:02 Collaboration is needed for addressing industry issues.
38:25 Rethink security for devices in smart tech.
41:16 Choosing sustainability as a guiding principle.
43:22 Overcome writing and presenting challenges for success.

Leveraging AI and Automation for Cyber Innovation

Emphasizing Efficiency in the Generation of Abstracts

Dr. Amy Hamilton underlines the capabilities of artificial intelligence to streamline time-consuming processes, specifically the creation of abstracts. This innovation allows for a transition from mundane, repetitive tasks to pursuits that require a deeper cognitive investment, thereby elevating the nature of the workforce's endeavors. Dr. Hamilton's discussion focuses on the practical applications of this technology, and she cites an instance from the National Defense University's annual Cyber Beacon Conference. Here, participants were challenged to distinguish between AI-generated and human-generated abstracts, often finding it challenging to tell them apart. This exercise not only highlighted AI's proficiency but also introduced the workforce to the safe and practical application of this emergent technology.

"How do we use AI in a way that goes from low-value to high-value work? If I'm not doing abstract, what other things could I be doing and spending my brain calories towards?" - Dr. Amy Hamilton

Preparing the Workforce for Cyber Innovation

Dr. Hamilton stresses the necessity for workforce education in the context of AI and automation, aiming for a future where employees are neither intimidated by nor unfamiliar with the advancing technological landscape. She illustrates the Department of Energy's proactive role in integrating AI into its training programs, thus ensuring that employees are well-acquainted with both the operational and potential ethical dimensions of AI deployment. Acknowledging the diverse range of operations within the DOE, including nuclear and environmental management, Dr. Hamilton notes that the appropriateness of AI application varies by context, signifying the...
Have you heard? Data is the new oil. JR Williamson, Senior Vice President and Chief Information Security Officer at Leidos, is here to explain where data's value comes from, the data lifecycle and why it is essential for organizations to understand both of those things in order to protect this valuable resource. Join us as JR breaks it all down and also explores the concept he dubbed “risktasity,” which he uses to describe the elasticity of rigor based on risk. As he says, “when risk is high, rigor should be high, but when risk is low, rigor should be low.”

Key Topics
00:00 Migration to the cloud has increased vulnerability.
04:50 People want decentralized work, including mobile access.
08:14 Shift from application to democratizing access to data.
10:53 Identify, protect, and manage sensitive corporate information.
13:49 Data life cycle: creation, management, access, evolution.
20:10 Computers augmenting humans, making good decisions, insights.
23:19 The importance of data in gaining advantage.
27:04 Adapting to AI to anticipate and prevent breaches.
28:51 Adoption of large language models in technology.
33:03 Identity and access management extends beyond authentication.
36:33 Leveraging strengths, improving weaknesses in tennis strategy.

Tracing the Cybersecurity Evolution and Data's Ascendancy

Evolution of Cybersecurity

JR provided a snapshot into the past, comparing cybersecurity practices from the 1990s to what we see today. With 37 years of experience, he recalled a time when IT systems were centralized and the attack surfaces were significantly smaller. Contrasting this with the present scenario, he spoke about the current state where the migration to cloud services has expanded the attack surface. JR noted an increase in the complexity of cyber threats due to the widespread distribution of networks and the need for anytime-anywhere access to data.
He stressed the transition from a focus on network security to a data-centric approach, where protecting data wherever it resides has become a paramount concern.

Data Life Cycle: "So part of understanding, the data itself is the data's life cycle. How does it get created? And how does it get managed? How does it evolve? What is its life cycle cradle to grave? Who needs access to it? And when they need access to it, where do they need access to it? It's part of its evolution. Does it get transformed? And sometimes back to the risktasity model, the data may enter the content life cycle here at some level. But then over its evolution may raise, up higher." — JR Williamson

The New Oil: Data

In the world JR navigates, data is akin to oil: a resource that, when refined, can power decisions and create strategic advantages. He passionately elucidated the essence of data, not just as standalone bits and bytes, but as a precursor to insights that drive informed decisions. Addressing the comparison between data and oil, JR stressed that the real value emerges from what the data is transformed into: actionable insights for decision-making. Whether it's about responding with agility in competitive marketplaces or in the context of national defense, delivering insights at an unmatched speed is where significant triumphs are secured.

Importance of Data Security

JR Williamson on Data and "Risktasity"

JR Williamson stresses the heightened necessity of enforcing security measures that accompany data wherever it resides. As the IT landscape has evolved, the focus has broadened from a traditional, perimeter-based security approach towards more data-centric strategies. He articulates the complexity that comes with managing and safeguarding data in a dispersed environment, where data no longer resides within the confines of a controlled network but spans across a...
What will 2024 have in store for technology development and regulation? Our hosts, Carolyn Ford and Mark Senell, sat down with Roger Cressey, Partner at Mountain Wave Ventures, Ross Nodurft, Executive Director of the Alliance for Digital Innovation and Willie Hicks, Public Sector Chief Technologist for Dynatrace, to discuss their 2024 predictions. Discover what the experts think will occur next year in terms of FedRAMP, AI regulation, Zero Trust and user experience.

Key Topics
00:00 Revamping FedRAMP in 2024 leads to changes.
06:40 Industry requests FedRAMP High; concerns about changes.
08:20 Anticipating challenges but aiming for improvement.
11:13 Pushing for reciprocity in government technology solutions.
15:15 Ensuring human control in AI military use.
19:06 Questioning AI use in defense and civilian sector.
25:25 Increased investment in security and product regulation.
27:21 Expect more AI news, less legislative involvement.
30:30 Observability key for zero trust framework implementation.
36:22 Prediction: Citizens will interface with AI technology.
37:16 Focus on user experience in government systems.
41:03 Election year brings unexpected black swan events.

2024 Predictions for the Public Sector

Revamping of the FedRAMP Program

Ross predicts that in 2024, FedRAMP will be completely reauthorized based on a pending OMB memo that is expected to be finalized in late 2023. This revamp is intended to streamline and improve the FedRAMP authorization process to facilitate faster adoption of cloud-based solutions in government.

However, Roger believes the changes could temporarily slow things down as agencies take time to understand the implications of the new FedRAMP structure on their systems and assess risks.
This could require investments from industry as well to meet new requirements that emerge.

FedRAMP 2024: "I think it's going to have a lot of agencies take a hard look at their risk and decide where they want to elevate certain high-valued assets, high-valued systems, high-valued programs, and the authorizations themselves are gonna raise in their level." — Ross Nodurft

Shift From Moderate Baseline to Higher Baseline of Controls

As part of the FedRAMP reauthorization, Ross expects many agencies will shift their systems from a moderate baseline to a higher baseline of security controls. With more interconnected systems and datasets, agencies will want heightened protections in place.

Roger concurs that the increased scrutiny on risks coming out of the FedRAMP changes will lead organizations, especially those managing high-value assets, to pursue FedRAMP High authorizations more frequently.

Increased Demand for a FedRAMP High Environment

Given the predictions around agencies elevating their security thresholds, Willie asks Ross whether the pipeline of solutions currently pursuing FedRAMP High authorizations could face disruptions from new program requirements.

Ross believes there will be some temporary slowdowns as changes are absorbed. However, he notes that the goals of the reauthorization are to increase flexibility and accessibility of authorizations. So over time, the new structure aims to accelerate FedRAMP High adoption.

2024 Predictions: Navigating FedRAMP Changes While Maintaining Industry Momentum

As Ross highlighted, the intent of the FedRAMP reauthorization is to help industry get solutions to market faster. But in the short-term, there could be some complications as vendors have to realign to new standards and processes.

Willie notes that companies like Dynatrace have already begun working towards FedRAMP High in anticipation of rising customer demand. But sudden shifts in requirements could impact those efforts, so he hopes there will be...
On this special So What? episode we go deeper into some of the top stories being covered on the It's 5:05! podcast with It's 5:05! contributing journalist, Tracy Bannon. How are cybersecurity stress tests battling misinformation and aiding in election security? Is AI contributing to election disinformation? How is the CIA using SpyGPT? Come along as Carolyn and Tracy go beyond the headlines to address all these questions and more.

Key Topics
04:20 Proactive approach needed for software voting security.
09:12 Deepfake technology can replicate voices and videos.
12:38 Politics focuses on presidential level, ignores others.
15:53 Generative AI creates new content from data.
17:19 New tool aids intelligence agencies process data.
20:13 Bill Gates discusses future AI agents on LinkedIn.
25:24 Navigating biases in AI towards democratic values.
29:13 CISA promotes continuous learning and holistic approach.
30:51 Demystifying and making security approachable for all.
33:33 Open source, cybersecurity, diverse professional perspectives discussed.

Importance of Cybersecurity and Responsible AI Use

Embracing Cybersecurity Measures and Privacy Protections

In their conversation, Carolyn and Tracy discuss how imperative it is for both individuals and organizations to embrace robust cybersecurity measures. As we live in an era where data breaches and cyber attacks are on the rise, the implementation of effective security protocols is not just a matter of regulatory compliance, but also about safeguarding the privacy and personal information of users. Tracy emphasizes the continuous need for cybersecurity vigilance and education, highlighting that it is a shared responsibility.
By making use of resources like the CISA cybersecurity workbook, Carolyn suggests that individuals and businesses can receive guidance on developing a more secure online presence, which is crucial in a digital ecosystem where even the smallest vulnerability can be exploited.

Addressing Biases in AI to Align With Public Interest and Democratic Values

Tracy expresses concerns over the biases that can be present in AI systems, which can stem from those who design them or the data they are trained on. Such biases have the potential to impact a vast array of decisions and analyses AI makes, leading to outcomes that may not align with the broad spectrum of public interest and democratic values. An important aspect of responsible AI use is ensuring that these technological systems are created and used in a way that is fair and equitable. This means actively working to identify and correct biases, ensuring transparency in AI operations and constantly checking that AI applications serve the public good without infringing upon civil liberties or creating divisions within society.

Demystifying Cybersecurity: "We need that public understanding, building this culture of security for everybody, by everybody. It becomes a shared thing, which should be something that we're teaching our children as soon as they are old enough to touch a device." — Tracy Bannon

The Proliferation of Personal AI Use in Everyday Tasks

The conversation shifts towards the notion of AI agents handling tasks on behalf of humans, a concept both cutting-edge and rife with potential pitfalls. Carolyn and Tracy discuss both the ease and potential risks of entrusting personal tasks to AI. On one hand, these AI agents can simplify life by managing mundane tasks, optimizing time and resources, and even curating experiences based on an in-depth understanding of personal preferences.
Yet, Tracy questions what the trade-off is, considering the amount of personal data that must be shared for AI to become truly "helpful." This gives rise to larger questions related to the surrender of personal agency...
As technology rapidly innovates, it is essential we talk about technology policy. What better way to get in the know than to have an expert break it down for us? Meet Ross Nodurft, the Executive Director of the Alliance for Digital Innovation. Ross dives in, explaining the evolution of FedRAMP controls and the recent, giant, AI Executive Order (EO) from the White House. Listen in to find out what this EO means for the government, the industry and the workforce as the U.S. attempts to implement policy ahead of AI innovation.

Key Topics
04:25 Increasing security controls for cloud migration
07:51 Discussion about customer feedback and cloud migration.
12:17 Encouraging commercial solutions into federal government securely.
15:39 Artificial intelligence shaping policy for future technology.
16:54 AI EO covers critical infrastructure, AI, data, immigration.
22:34 Guidance on AI impact assessment and testing.
27:02 AI tools adoption must not be delayed.
30:03 Ensure AI technologies have fail-safe mechanisms.
32:08 Concern over rapid pace of technological advances.
34:29 AI and technology advancing, policy aims control.
39:37 Fascinating book on technology and chip history.

The Future of Government Technology: Shifting to FedRAMP High and Accelerating Cloud Adoption

Shift from FedRAMP Moderate to High for Sensitive Workloads
When FedRAMP was established over a decade ago, the focus was on managing the accreditation of emerging cloud infrastructure providers to support the initial migration of workloads. The baseline standard was FedRAMP Moderate, which addressed a "good amount" of security controls for less risky systems. However, Ross explains that increasing volumes of more sensitive workloads have moved to the cloud over time - including mission-critical systems and personal data. Consequently, agencies want to step up from Moderate to the more stringent requirements of FedRAMP High to protect higher-risk systems. This includes only allowing High-cloud services to interact with other High-cloud applications.

The Evolution of Cloud Computing: "So right now, we're at the point where people are existing in thin clients that have access to targeted applications, but the back end compute power is kept somewhere else. It's just a completely different world that we're in architecturally." — Ross Nodurft

The Future of Government Technology: Streamlining FedRAMP for the SaaS-Powered Enterprise
According to Ross, the COVID-19 pandemic massively accelerated enterprise cloud adoption and consumption of SaaS applications. With the abrupt shift to remote work, organizations rapidly deployed commercial solutions to meet new demands. In the federal government, this hastened the transition from an earlier focus on cloud platforms to widespread use of SaaS. Ross argues that FedRAMP has not evolved at pace to address the volume and type of SaaS solutions now prevalent across agencies. There is a need to streamline authorization pathways attuned to this expanding ecosystem of applications relying on standardized baseline security controls.

High-level Security Controls for Sensitive Data in the Cloud

Addressing Data Related to Students and Constituents
Ross states that as agencies move more sensitive workloads to the cloud, they are stepping up security controls from FedRAMP Moderate to FedRAMP High. Sensitive data includes things like personal HR data or data that could impact markets, as with some of the work USDA does. Willie gives the example of the Department of Education or Federal Student Aid, which may have sensitive data on students that could warrant higher security controls when moved to the cloud.

Ross confirms that is absolutely the case - the trend is for agencies to increase security as they shift more...

Have no fear, your new wingman is here! AI is by your side and ready to help you multiply your abilities. Patrick Johnson, Director of the Workforce Innovation Directorate at the DoD CIO, discusses how his team is working to further implement AI ethically and safely in areas such as human capital to expedite finding talent. Patrick also shares his passion for building cyclical pipelines to ensure that talent, and ideas, flow seamlessly between the government and private sector. Join us as we dive further into AI's benefits and how government and industry can be cyber workforce innovation partners.

Key Topics
02:06 Lag in civilian workforce training upscaling needed.
03:19 Balancing talent, training and automation for better security.
08:22 Leaders understand AI as a force multiplier.
12:15 Our motivations are different; utilizing AI for advancement.
15:25 AI used for maintenance, scheduling, monitoring issues. Embracing technology.
18:35 Questioning impact of technology on workforce integration.
21:45 Knowledge, skills, ability, competency. Task-focused performance. Workforce coding. Qualification program ensures necessary skill sets. Tracking mechanism being developed. Vast department with skill spread.
25:26 Real-time data for proactive leadership and action.
27:05 Retention strategy includes talent competition and permeability.
30:36 Improving marketing for civilian DoD jobs.
33:49 It works for all sectors, find talent.
40:19 Government employees and veterans bring valuable skills.
41:27 Promote supply, train, partner for innovation.
45:33 Virtual reality: future of government services and museums.

The DoD's Cyber Workforce

Cyber Workforce Improvement Is Crucial
Patrick states that the Department of Defense's (DoD's) total cyber workforce, comprising military, civilian and industry partner contractors, is around 225,000 people. He notes that the DoD has the biggest gap in the civilian cyber workforce, which makes up about 75,000 people. According to Patrick, one of the key problems when bringing new cybersecurity technologies online is failing to adequately train the existing workforce on how to use and get value from those technologies.

Training and Upscaling the Current Cyber Workforce
Rather than pursuing full re-skilling of employees, which can set them back, Patrick advocates for upskilling the current DoD cyber workforce. This involves assessing talent and capability gaps, then providing the workforce with the necessary training to use new technologies appropriately. Patrick states that partnering workforce members with automated processes like AI can help them become more effective by highlighting key info and threats.

The Importance of Training and Upscaling in the Cyber Workforce: "Well, it's great to put new technology on the table. But if you don't take the time to train the workforce you have in the programs or the systems you're bringing online, you lose that effectiveness and you don't really gain the efficiencies or the objectives that you need to be." — Patrick Johnson

Automation and AI

AI Is Seen as a Partnership With the Human Cyber Workforce
Patrick views AI as a partnership with the human workforce rather than a threat. He emphasizes that AI should be seen as a "wingman or wingperson" that boosts productivity and acts as a force multiplier. Patrick explains that AI excels at rote, tedious tasks, allowing the human workforce to focus more on creativity.

AI Helps With Rote and Tedious Tasks
According to Patrick, AI is adept at attention-to-detail tasks that would be tedious for a human to manually perform. He provides the example of a cybersecurity analyst or defender whose productivity can be enhanced by AI highlighting anomalies in data...

Meet the man on a mission to make software bill of materials (SBOMs) boring. In this So What? episode, Tracy Bannon and Carolyn Ford sit down with Allan Friedman, the Senior Advisor and Strategist at the Cybersecurity and Infrastructure Security Agency (CISA). Allan tells us about how he is working to change how all software on the planet is made and sold, no big deal, right? Join us as we dive into the world of SBOMs, xBoMs, and Secure by Design.

Key Topics
03:59 Track open source licenses, establish shared vision.
08:47 Discussing US government requirements, diversity in software.
12:07 Framework helps organizations with secure software development.
13:49 Organizations unaffected, prepare for impending software changes.
17:40 Concerns about sharing software with potential security risks.
20:59 Concerns about network security and regulatory pushback.
24:14 Enhanced security measures save thousands of hours.
27:53 Applying AI and data bombs in conversation.
32:38 Discusses the importance of SBOM in cybersecurity.
36:29 Rewriting global code is a complex task.
39:39 At RSA, little focus on secure design.
41:53 Organization's need for SBOM, call to action.
43:55 Cooking for diverse family, diverse food requirements.

Challenges and Implementation of SBOMs

Self-Attestation for SBOMs
Allan Friedman explained that there is currently a self-attestation model for SBOMs, where companies can sign a form stating that they have implemented SBOMs, rather than providing the actual SBOM data. This allows flexibility for organizations that are not yet ready to fully comply. However, it means buyers have to trust the attestation rather than seeing the SBOM details directly.

Secure Software Development Model Compliance: "The challenge there is turning the framework back into a compliance model. Because, again, at the end of the day, everyone wants to think about things. Right? Understand your risk, but you still need to make that yes or no decision." — Allan Friedman

Tracy Bannon noted some companies have concerns about sharing their SBOM data with customers, worrying that the customer may not have secure enough practices to properly protect the SBOM. Allan Friedman explained SBOMs do not need to be public - they can be shared privately between supplier and customer. Known unknowns in the SBOM can also help address concerns about revealing proprietary information.

Debate About the Risk of Sharing SBOMs as a Road Map for Attackers
Allan Friedman argued that sophisticated attackers likely do not need the SBOM, as they have other ways to analyze and reverse engineer software. Automated attacks also do not leverage SBOMs. He noted defenders actually need the visibility an SBOM provides into components and dependencies. There may be some risk of exposing attack surface, but the benefits seem to outweigh that.

The Importance of SBOM for Product Security: "If we had this, we had SBOM across our products today, it would save us thousands of hours a year. Because whenever the next Log4j comes out, if you have a centralized, machine-readable, scannable system, it's not that hard." — Allan Friedman

Allan Friedman noted there has been some lobbyist pushback against SBOM mandates, often coming from trade associations funded by companies already implementing SBOMs. He said while healthy debate is good, many of the lobbyist complaints seem misguided or overblown.

The Potential Role of AI in Creating SBOMs and Its Implications for Security
Carolyn Ford asked whether AI could help automate SBOM creation, especially for legacy systems. Tracy Bannon cautioned that AI is not yet at the point where it can reliably generate code or understand large complex...

In the final, crossover episode of our three-part Halloween series, Eric Monterastelli, Public Sector SE at Delinea, Founder, Crew Chief of Gran Touring Motorsports and Host of the Break/Fix Podcast, joins Carolyn Ford and Tracy Bannon to discuss the scary reality of car security. Is your car spying on you? Can a nefarious actor take over your car? Does your car know your deep personal data like your immigration status, race and more? Hint: It can and it does.

Key Topics
00:02:05 Technology advances put vehicles at risk.
00:06:25 Hijacked Jeep's wireless signal, turning it off.
00:07:35 Chrysler systems hacked due to digital admission.
00:10:47 New EV platforms streamline technology for efficiency.
00:15:13 Disconnect, purge and be careful: data can be accessed.
00:18:58 Using TrueCar, author obtained personal information illegally.
00:21:54 Pre-OBD2 Mercedes is OBD1.
00:25:12 Mozilla uncovers alarming auto data collection.
00:28:29 Future vehicles will have integrated alcohol-detection systems.
00:32:48 Routers, cars can be hacked, collect data.
00:35:42 Read your vehicle's owner's manual for instructions.
00:36:55 Speak to rental clerk about removing data.

The Intersection of Cybersecurity, Car Security and the Ghostbusters Mission

Ghostbusters Mission: Car Security & Car Hacking
Eric Monterastelli talks about how cars have evolved to include more computing technology, which opens them up to potential attacks. He gives the example of a Jeep that was hacked to shut off while driving, demonstrating the real dangers. Tracy Bannon contrasts U.S. car manufacturers that use many third-party components with Tesla's more integrated system. She argues Tesla's approach may lend itself to more car security. The hosts explore different potential attack vectors into vehicles, like Bluetooth connections.

Mozilla Participants Share Automotive InfoSec Insights
Eric Monterastelli shares findings from a Mozilla report about the wide range of deep personal data that can be collected from cars. This includes things like facial expressions, weight, health information and more. The hosts are alarmed by the privacy implications.

Tracy Bannon advocates that car manufacturers need to make cybersecurity a priority alongside traditional safety. She indicates cars are data centers on wheels, collecting information that gets sent back to big cloud data centers. They emphasize the need for vigilance from car owners about what information they allow their vehicles to collect.

Concerns About Data Collection in Modern Vehicles

Modern Car Security: Braking, Speed and Steering Patterns
Eric discusses the extensive data that is now collected by modern vehicles, especially EVs. He notes that information is gathered on things like stopping distances, brake pressure applied, vehicle speed and overall driving habits. This data is no different than the type of driver performance analysis done in race cars. Automakers are collecting real-world usage data from customer vehicles to analyze driving patterns and vehicle responses. Tracy adds that the average new vehicle contains over 100 different computers and millions of lines of code that are all networked together. This networked data covers areas like powertrain functions, safety features and infotainment systems. All of this interconnected data presents opportunities for tracking very detailed driving behaviors.

Privacy Risks in Driving: Collecting Personal Data and Concerns
Eric cites a concerning report that modern vehicles can potentially collect extremely sensitive personal data simply through normal driving, including information on immigration status, race, facial expressions, weight,...

In the second episode of our 3-part Halloween series, Grant Schneider, Senior Director of Cybersecurity Services at Venable and former federal CISO, discusses the frightening implications of insider threats, how we are protecting critical infrastructure, and what it was like working on cybersecurity in the White House under both President Obama and President Trump.

Key Topics
00:03:59 Increased consequences led to rise of cybersecurity
00:08:47 Insider threat, screening, hiring, malicious actor, Manning, Snowden
00:09:53 Snowden challenges legality of government surveillance
00:15:00 Adversary gains access, steals information, demands ransom
00:19:19 Different levels of readiness present challenges
00:23:15 Helping clients & coalitions for cybersecurity policy
00:24:58 Consistency in technology and cybersecurity under past presidents
00:27:47 Cybersecurity is like warfare or terrorism
00:32:30 AI tools and data drive persuasive information
00:34:50 National Cybersecurity Awareness Month raises awareness on cybersecurity and encourages action to protect businesses
00:42:40 Diversity of experiences leads to career growth
00:44:01 Adaptive, willing, and able to learn

Introduction to National Cybersecurity Awareness Month

Purpose of Raising Awareness About Cybersecurity
Grant explained that one of the great things about National Cybersecurity Awareness Month is exactly raising awareness and providing an opportunity to hopefully spend time thinking about and discussing cybersecurity. He noted that for organizations already focused on cybersecurity daily, the awareness month may not raise their awareness much more. However, many organizations don't constantly think about cybersecurity, so for business leaders and executives who may now recognize the existential threat a cyber incident poses, the awareness month offers a chance to have important conversations they may have previously avoided due to lack of understanding.

National Cybersecurity Awareness Month: "You're only one bad kind of cyber incident away from your organization not existing anymore." — Grant Schneider

Opportunities for Organizations to Have Conversations About Cybersecurity
According to Grant, leaders who don't grasp cybersecurity risks may personally fear initiating conversations to ask what the organization needs to do to address risks. National Cybersecurity Awareness Month provides an opportunity for these leaders to have the necessary conversations and gain education. Grant said the awareness month is a chance to discuss basics, like implementing multifactor authentication, patching and updates. He observed that much of the content produced for the awareness month focuses on cybersecurity fundamentals, so it allows organizations to dedicate time to shoring up basic defenses. Overall, Grant emphasized National Cybersecurity Awareness Month facilitates essential cybersecurity conversations for organizations and leaders who otherwise may not prioritize it consistently.

Evolution of Insider Threat in the Intelligence Community

Screening Out Bad Actors During the Hiring Process
Grant explains that in the early days of his career at the Defense Intelligence Agency (DIA), insider threat mitigation focused on screening out bad actors during the hiring process. The belief was that malicious insiders were either people with concerning backgrounds trying to get hired, or nation-state actors attempting to plant individuals within the intelligence community. The screening process aimed to identify and reject potentially problematic candidates.

Nation-State Actors Planting Individuals Within the Community
He mentions the...

In the first episode of our 3-part Halloween series, Dave Egts, MuleSoft Public Sector Field CTO at Salesforce, details what's scaring the public sector most and how Salesforce is utilizing - and securing - AI to improve customer experience with their Einstein Trust Layer. Additionally, Carolyn and Dave dive into the spooky worlds of brain cell chips, mind-reading AI and more.

Key Topics
[02:17] Starting the Dave & Gunnar Show
[04:14] Dave's Role At Salesforce
[05:18] What's Scaring the Public Sector Most?
[10:22] Ways Agencies are Attracting Talent
[13:56] How Agencies Are Handling Legacy Systems
[15:45] What MuleSoft Does & Generative AI's Role
[22:44] Salesforce's Einstein Trust Layer
[29:21] PoisonGPT
[36:07] Brain Organoids & Other Spooky, Ethically Questionable Experiments
[42:15] Tech Talk Questions: Halloween Edition

Quotable Quotes
Considerations for the Public Sector While Using AI: "As you're going on your AI journey, you've got to be looking at the EULA [End User License Agreement] and making sure that, okay, if I give you data, what are you going to do with it?"

On Bias & Disinformation in Generative AI: "There were some previous studies that show that people are more likely to go with the generative AI results if they trust the company and they trust the model. So it's like, 'Oh, it came from Google, so how can that be wrong?' Or 'I'm trusting the brand,' or 'I'm trusting the model.'"

About Our Guest
David Egts is MuleSoft's first-ever Public Sector field CTO. Outside of MuleSoft, David is the founding co-chair of the WashingtonExec CTO Council, where he advises numerous companies on working with the public sector. David has received numerous industry-wide recognitions, including as an FCW Federal 100 winner, a FedScoop 50 Industry Leadership awardee and one of WashingtonExec's Top Cloud Executives to Watch. He has won multiple employee honors from Red Hat, Silicon Graphics and Concurrent Technologies Corporation.

Episode Links
Dave & Gunnar Show Episodes
Episode 165 - If you can't measure it, you can't manage it
Episode 185 - In Your Brain, Nobody Can Hear You Scream
Episode 227 - Meetings and Punishment
Episodes 248 & 249 - Stay tuned to the Dave & Gunnar Show for these episodes to go live

Additional Links
Minority Report
Cuyahoga Valley National Park
Flowers For Algernon

In this So What? episode, Jon Pelson, author of the best-selling book "Wireless Wars," discusses China's impact on the telecommunications space. He also shares the frightening security concerns around Chinese components in 5G networks and discusses why the FCC's ban on these components may not be enough.

Key Topics
[01:30] China's Success in the Telecom Industry
[05:12] China's Grip on 5G
[08:29] Are Your Communications Ever Private?
[13:00] The Influence of Technology
[15:53] What Would Happen if China Got Control?
[19:20] FCC Ban on Chinese Components
[24:50] Huawei's Placement Strategy
[30:05] Is the FCC Ban a Good Start?
[38:42] How America Takes Back Control
[44:51] Tech Talk Questions

Quotable Quotes
On Huawei's Tower Placement: "Our nuclear missile bases, our special operations command at the nuclear sub base are all served by Huawei cell equipment." I said, 'That's impossible. They have like 0.1% market share. How could they have every nuclear missile site?' I started looking into it. The reason I called the book 'Wireless Wars' is because it's a war that's being fought through what appears to be business means. This is not business." - Jon Pelson

On Why We Should Protect Data: "People say, 'I have nothing to hide.' Especially the younger generation says, 'Look, my privacy, in that regard, is not that important.' I was asked at the end of an interview, 'What would happen if China got control over us the way they're trying to?' I said, 'You don't have to scratch your head and do scenario planning. Look at places where China has control over the population.'" - Jon Pelson

About Our Guest
Jon Pelson spent nearly 30 years working as a technology executive, including serving as vice president at Lucent Technologies and chief of convergence strategy for British Telecom. His work with China's telecom industry during this time led Pelson to write his best-selling book "Wireless Wars: China's Dangerous Domination of 5G and How We're Fighting Back."

Episode Links
The Kill Chain by Christian Brose
Paul Scharre's Tech Transforms Episode
Focus
Breaking Bad
Boyd by Robert Coram
Undaunted Courage by Stephen Ambrose

On this special episode, Willie Hicks and Carolyn Ford discuss the Billington Cybersecurity Summit, as well as insights from panels, led by Willie, on workforce automation and zero trust.

Key Topics
[00:22] Willie's Workforce Automation Panel Highlights
[03:28] The Difference Between Training & Education
[11:11] Securing Data In A Zero Trust World Panel Highlights
[16:31] Willie's Experience with Constant Reverification While Working in Financial Data Protection
[20:44] Overarching Impressions from the Billington Cybersecurity Summit

Quotable Quotes
On the Human Factor: "I think this is always the case, that the human's usually going to be the weakest link. We're always the weakest link. But that's why that constant reverification is so critical."

On Generative AI: "We can't fear these things like generative AI. We've got to embrace it. We've got to use it. We've got to figure out how to use it and use it right and use it appropriately. But we have to figure out how to use it because you know who's using it? Our adversaries."

About Our Guest
Willie Hicks is the Public Sector Chief Technologist for Dynatrace. Willie has spent over a decade orchestrating solutions for some of the most complex network environments, from cloud to cloud native applications and microservices. He understands tracking and making sense of systems and data that have grown beyond human ability. Working across engineering and product management to ensure continued growth and speed innovation, he has implemented Artificial Intelligence and automation solutions over hundreds of environments to tame and secure their data.

Episode Links
Billington Cybersecurity Summit Speakers
Tech Transforms with Tom Billington
Tech Transforms with Ann Dunkin
Mission Impossible

Sandi Larsen, Vice President, Global Security Solutions at Dynatrace, joins our host Carolyn Ford to share her perspectives on the relationship between zero trust and defense in depth. She also discusses her storied career, leadership and what it's like to be a woman in technology (although she dislikes the term). Additionally, Sandi shares her advice on identifying mentors, finding your voice and battling imposter syndrome.

Key Topics
[00:00] Introduction
[01:10] Sandi's Role at Dynatrace
[03:11] Sandi's Take on Zero Trust & Defense in Depth
[09:21] Sandi's Career Path
[19:01] People in Technology and the Gender Gap
[25:26] Sandi's Key Takeaway for Listeners
[27:37] Tech Talk Questions

Quotable Quotes
On Finding Inspiration: “You just can't sleep on these pivotal people in your career whether they're ahead of you or beside you or even behind you, I've been inspired by people that I am mentoring.”

On Having Mentors: “Find mentors, they are just invaluable and will be throughout your whole entire career, no matter what stage you're in. At the beginning, at the middle, later in your career, they will always be indispensable for you.”

On Using Your Voice: “Speak up. Just have a voice. And if that voice in your head is planting doubt, don't listen to it. If it's coaching you on what to say and what not to say, and being wise about that, listen to that. But if it's planting seeds of doubt, you've got to you have to push it aside. And you have to take that step. Because if you don't, you might be missing out on the next best thing.”

About Our Guest
Sandi Larsen currently serves as the Vice President of Global Security at Dynatrace. Prior to joining Dynatrace in November 2020, Sandi held various positions, including sales and systems engineering roles in cybersecurity and financial services organizations.

Episode Links
The Bear
The John Maxwell Leadership Podcast
The Tim Ferriss Show

Tom Billington, CEO of Billington CyberSecurity and Producer of the Billington CyberSecurity Summit, joins Carolyn and co-host Mark Senell to discuss the upcoming 14th Annual Billington CyberSecurity Summit, what goes into creating a valuable community for both the government and the commercial sector, and the important topics that will be the basis for this year's conference.

Key Topics
[02:58] - Founding the Billington Cybersecurity Summit
[09:59] - Developing Conference Topics
[12:43] - Bridging Federal and Commercial Cybersecurity
[16:02] - Critical Infrastructure at Billington
[19:04] - Commercial Industry at Billington
[21:45] - Registering for The Summit
[22:49] - Preparing Key Conference Themes
[24:46] - Hottest Topics at Billington This Year
[27:03] - What's New About Zero Trust
[28:22] - Tech Talk Questions

Quotable Quotes
On Founding Billington Cybersecurity Summit: "I really started this business to be distinctly patriotic, to provide a serious dialogue in a way that I felt wasn't really being done at that time...So breaking into the federal cybersecurity community, to be honest, was hard as an entrepreneur. We had to build trusted relationship after trusted relationship. Over the course of 14 years, it's become decidedly easier now, now that we have had the privilege of having those trusted relationships."

On Zero Trust: "Many of the areas that zero trust encompasses have been around since the profession has existed in cybersecurity. But at no other time has the U.S. government proclaimed the importance of this overarching field as it has in the last few years. So it becomes important for the government. It becomes important for the industry leaders who serve them."

On International Cyber Collaboration: "So it's not just the U.S. team sport. It's an international team sport. The partnership with our international allies is crucially important."

About Our Guest
Before launching his company in 2010, Tom Billington spent nearly two decades producing hundreds of events, publications and articles for four of the world's leading media companies: Reader's Digest, Phillips Business Information, BNA (now Bloomberg BNA) and Thomson Reuters. Now, Tom is the CEO and Founder of Billington CyberSecurity, a leading independent education company founded in 2010 with an exclusive focus on cybersecurity education. Every year, he hosts the Billington Cybersecurity Summit, which is known as the world's leading government summit on cybersecurity with the unique educational mission of convening the who's who in cybersecurity: the senior leadership from the U.S. government, our allied partners, and their industry and academic partners.

Episode Links
14th Annual Billington Cybersecurity Summit Agenda
Ann Dunkin on Tech Transforms
Books By Kevin Mitnick

Ann Dunkin, Chief Information Officer (CIO) at the U.S. Department of Energy (DOE), joins Carolyn and guest host Willie Hicks to discuss the National Cybersecurity Strategy and what it takes to secure a large agency like the DOE, as well as how agencies balance cybersecurity compliance and risk management. She also highlights the DOE's role in the Partnership for Transatlantic Energy and Climate Cooperation (P-TECC) and the agency's relationship with its industry partners.

Key Topics
[01:47] - Effect of the National Cybersecurity Strategy on DOE Modernization Initiatives
[07:59] - Risk vs. Compliance
[14:17] - Protecting a Large Agency like DOE vs. Smaller Agencies
[16:49] - P-TECC Overview & DOE's Work with P-TECC
[23:14] - Implementing Lessons Learned from the Global Community
[26:11] - DOE Modernization Efforts & The Role of Public-Private Partnerships
[30:26] - Where Industry Can Improve
[36:03] - Tech Talk Question

Quotable Quotes
On the Collective Defense: "The principles of collective defense, which underlie the cybersecurity strategy are incredibly important. That concept that we can't individually be safe, we have to work together. Once upon a time, you'd say, oh, if my cybersecurity's better than the guy down the street, they'll go down the street and forget about me. And we just can't do that. We're too interconnected. There's too much work we do together. There's too many interconnections between our systems. We absolutely positively have to develop that collective defense. In addition, part of that collective defense is ensuring that the burden of defense falls to those most able to deliver on that." - Ann Dunkin

On balancing risk vs. compliance: "The reality is we can't do all the compliance. And so we absolutely have to look at risk to prioritize it. But I would argue that you should always look at your risk and balance that against your compliance exercises. Because number one, if you do all the compliance and then you start risk mitigation, you may be missing something big. But number two, because you probably don't have enough money to do all the compliance anyway." - Ann Dunkin

On workforce development: "I firmly believe that we need pathways to move people in between the private and public sectors. And we need to make it easier for people to cycle between those places over the course of their career to leave government, to come back to government and to learn from each other. And also for the government through DOE and through other places to help build a workforce within the government that looks like America. And then to help the rest of America grow their workforce capabilities." - Ann Dunkin

About Our Guest
Ann Dunkin serves as the Chief Information Officer at the U.S. Department of Energy, where she manages the Department's information technology (IT) portfolio and modernization; oversees the Department's cybersecurity efforts; leads technology innovation and digital transformation; and enables collaboration across the Department. Ms. Dunkin is a published author, most recently of the book Industrial Digital Transformation.

Episode Links
National Cybersecurity Strategy

Dr. Aaron Drew, Technical Director for the Supply Chain Management (SCM) Product Line at the U.S. Department of Veterans Affairs Office of Information and Technology, joins Carolyn to discuss the challenges of supply chain, modernization and risk management. Dr. Drew outlines the steps an organization can take to modernize and maximize applications for end users as well as capitalize on data analytics to better prepare our nation for times of need.
Key Topics
[01:15] - Scale of Veterans Affairs
[05:21] - Supply Chain Tools and Challenges
[13:54] - Advice for Supply Chain Management
[20:24] - Tech Procurement
[24:10] - User Acceptance
[27:37] - Risks of not Modernizing
[32:29] - Security Requirements
[36:13] - Steps to Acquisition
[40:10] - Tech Talk Questions
Quotable Quotes
On identifying a need for a new tool: "If the tools you had before don't address that shift [in business], that change of dynamics, then that's when we have this gap. That's that delta between how you did business then and how I expect to do business tomorrow that will signify or call that ignition of this solution acquisition process." - Dr. Aaron Drew
On understanding user needs: "Either you are meeting them [users] where they are, which is very important, or you've lived it, which allows you to relate and commiserate with those who are working across a day-to-day basis, that's what's going to bring you organically to the problem. That's going to allow both parties then to own the solution." - Dr. Aaron Drew
About Our Guest
Dr. Aaron J. Drew is the Technical Director for the Supply Chain Management (SCM) Product Line at the U.S. Department of Veterans Affairs. Previously, Dr. Drew simultaneously served as the Chief Engineer & Chief Architect for the Financial Management Business Transformation Special Program Office (FMBT-SPO) and the Chief Engineer & Chief Architect for the Supply Chain Modernization Program.
Episode Links
MITRE
Smithsonian Museums
Holocaust Museum
Tracy Bannon, Senior Principal/Software Architect & DevOps Advisor at MITRE, returns to Tech Transforms for our So What segment to discuss all things generative AI. Following Tracy's presentation at the RSA Conference 2023, she and Carolyn discuss everything from software development lifecycle to the potential that various AI models may have.
Key Topics
[01:29] - Software Development Lifecycle: RSA Conference Recap
[04:48] - Generative AI as a Service
[07:36] - Potential for Disinformation
[12:04] - Potential of AI for Developers
[17:15] - Low Code / No Code Capabilities
[26:14] - Discussion Roundup
[31:14] - Tech Talk Questions
Quotable Quotes
Definition of generative AI: "Generative AI is under the umbrella of large language models. And a large language model is just that. It is a model where vast amounts of text data have been fed in and it uses statistical analysis to figure out the likelihood that words or phrases go together." - Tracy Bannon
On generative AI models: "It's only as good as the information that's going in, garbage in, garbage out." - Tracy Bannon
Generative AI advice: "Know that we have to really get focused on the ethics of using these tools. Know that there are big security risks, but get familiar. Get familiar. It isn't going to take your job today. It is going to augment many jobs, but it's not going to take them completely away." - Tracy Bannon
About Our Guest
Tracy Bannon is a Senior Principal with MITRE Lab's Advanced Software Innovation Center. She is an accomplished software architect, engineer and DevSecOps advisor having worked across commercial and government clients. She thrives on understanding complex problems and working to deliver mission/business value at the speed. She's passionate about mentoring and training, and enjoys community and knowledge building with teams, clients and the next generation. Tracy is a long-time advocate for diversity in technology, helping to narrow the gaps as a mentor, sponsor, volunteer and friend.
Episode Links
So What? Tech Transforms Federal News Roundup with Katy Craig
Applying AI to the SDLC New Ideas and Gotchas
It's 5:05
The Kill Chain
Project to Product
Real Technologists Podcast
Greenlights
Alan Gross, Solutions Architect & Tech Lead at Sandia National Laboratories, joins Carolyn to talk about how DevOps is being leveraged to support the Department of Energy's contractor operated research lab. Alan dives into some of the initiatives at Sandia National Laboratories, and how he is applying his personal philosophy around user experience ops, or "UX Ops," to support the mission.
Key Topics
[01:12] About Sandia National Laboratories
[03:50] Sandia's role in national security
[06:25] DevOps versus DevSecOps
[13:45] Department of Energy and Sandia
[17:40] Sandia initiatives: a year of climate in a day & Hypersonic weapons
[21:00] Alan's DevOps journey and advice for developers
[33:55] Tech Talk questions
Quotable Quotes
Alan on DevOps: "DevOps is about trying to deliver quickly and learn from your mistakes as fast as you can. So shifting left is part of that philosophy. If you have security issues with your software, you want to know about that as quickly as possible, because if you've already deployed to production, it's almost too late." - Alan Gross
On what advice Alan would give to new developers: "It's about failing fast and failing forward...How quickly can you learn new things, get new code and new products out in front of your users, and understand how they engaged with that." - Alan Gross
About Our Guest
Alan works as a full stack developer and technical lead at Sandia National Labs, with six years of experience in web technologies development. He develops within Python, Angular and .NET ecosystems, with a focus on enabling the developer experience at Sandia with novel solutions for the labs' diverse development, software governance, security and business intelligence needs. Alan leads a team that is committed to reducing technical debt by emphasizing DevSecOps, modern application architecture (such as microservices) and data-driven outcomes.
Episode Links
Mollie Rappe
Planning and Implementation Tool
Tech Transforms Podcast with Dr. Stephen Magill
Pattern and Anomaly Detection in UX
Adam Grant Podcast
Project Ceti
Paul Scharre, Vice President and Director of Studies at Center for a New American Security (CNAS), joins Carolyn and Mark to dive into his newest book, Four Battlegrounds: Power in the Age of Artificial Intelligence. From the first time he recognized the power AI could hold, to the ways AI may put us on a path to global peace, Paul offers valuable insight and perspective on the field of artificial intelligence and machine learning.
Key Topics
[01:44] About Paul Scharre
[02:50] When Paul Scharre recognized the power of AI
[07:17] The four Elements of the Battlegrounds
[12:57] Paul Scharre's take on the technological divide in the United States, and how we can solve it
[20:10] U.S.'s standing in comparison to Nation-State adversaries
[26:18] Establishing globally agreed upon AI guardrails
[31:45] The exponential growth of AI
[42:12] Top requirements to achieve global peace
Quotable Quotes
On Paul's main focus when working at the Pentagon: "How can we use robotics to help create more distance between our service members and threats?" - Paul Scharre
Role of humans in AI: "Having data and computing hardware, having chips alone, doesn't get you to some meaningful AI tool. You also need the human talent" - Paul Scharre
On adversary AI advancement: "Fundamentally, both the US and China are going to have access to AI technology, to robust AI ecosystems, big tech companies, startups within each country, and the bigger challenge is going to be: How does the military take this technology, work with its civilian AI scientists, and then translate this into useful military applications?" - Paul Scharre
About Our Guest
Paul Scharre is the Vice President and Director of Studies at the Center for a New American Security. Prior to this role and becoming an award-winning author, Scharre worked in the Office of the Secretary of Defense (OSD) where he played a leading role in establishing policies on unmanned and autonomous systems and emerging weapons technologies. He led the Department of Defense (DoD) working group that drafted DoD Directive 3000.09, establishing the department's policies on autonomy in weapon systems. He also led DoD efforts to establish policies on intelligence, surveillance, and reconnaissance programs and directed energy technologies.
Episode Links
Project Maven
Army of None
This week, Michael Edenzon, Co-Founder of Fianu Labs, joins Tech Transforms to talk about why automated governance is so critical to mission success. Michael also provides some great insight into his recently co-authored book Investments Unlimited.
Key Topics
[02:08] About Fianu Labs
[04:54] What passes as evidence and how does it play into automated governance?
[09:29] Michael's book: Investments Unlimited
[16:50] Automated governance vs. Authority to Operate
[28:33] Taking software asset inventory
[35:40] Tech Talk Q&A
Quotable Quotes
On what counts as evidence in the context of software governance: "Our real focus in that regard is trying to get people to realize that evidence isn't just this random metadata that's captured from here and there, but instead it's going through all of the enrichment and providing all of the context that's necessary for an auditor to come and reproduce those results that you're using to base your enforcement off of." - Michael Edenzon
On how automated governance relates to Authority to Operate: "It [automated governance] is a method for achieving the ATO. So it can accelerate your ATO process and it can help you reach it faster, but what automated governance really is, is a means of achieving continuous ATO." - Michael Edenzon
About Our Guest
Michael Edenzon is a senior IT leader and engineer that modernizes and disrupts the technical landscape for highly-regulated organizations. Michael provides technical design, decisioning, and solutioning across complex verticals and leverages continuous learning practices to drive organizational change. He is a fervent advocate for the developer experience and believes that enablement-focused automation is the key to building compliant software at scale.
Episode Links
Investments Unlimited
Toyota Kata
Failure is Not an Option
In this episode of Tech Transforms, Nihal Krishan, tech reporter at FedScoop, discusses how and where the American government is lagging behind in technology, but there is a focus on modernization to improve the situation. We also talk about the need for comprehensive data privacy legislation and how budget caps may impact government agencies' modernization initiatives. Additionally, we explore concerns surrounding TikTok's ownership and data privacy, as well as the addiction and potentially harmful effects of the platform. We also touch on the importance of respecting sources as a journalist and provide a few podcast recommendations. Finally, we look at the challenges in understanding algorithms used by TikTok and how they could be used to promote divisive content. Join us to learn about these transformative topics in the tech world!
Introducing Our Guest, Nihal Krishan
Nihal Krishan is a journalist who has covered the controversies surrounding TikTok. He highlights the privacy violations committed by the company when it accessed journalists' personal information to control their narrative. Krishan also acknowledges the legitimate fears surrounding the app since TikTok's parent company is based in China. However, he notes that there is no objective evidence of the Chinese government misusing American data obtained through TikTok. He raises the question of whether American social media companies are any better at safeguarding data than TikTok. Krishan argues that the debate over TikTok highlights the need for data privacy legislation in Congress.
Key Topics:
Government Budget and IT Modernization
Privacy and Security on TikTok
Social Media and Data Privacy
Episode Highlights:
[00:00:57] TikTok has been criticized for invading journalists' privacy to control their perceptions of the app, but the evidence for harm is primarily based on perception and politics. There are concerns about Chinese government access to American data, but it has not been proven yet. The issue of data privacy is a larger problem for social media companies in general and calls for legislation.
[00:06:04] TikTok is a popular Chinese-owned social media platform with almost a billion users, mainly Gen Z, and its popularity has caused concerns about national security and data privacy in the US.
[00:10:13] Understanding TikTok's algorithms is like understanding Facebook and Google's algorithms. The government is concerned that TikTok could sow seeds of discord like how Russians did in 2016 on Facebook. It's a complicated problem faced by all social media platforms.
[00:12:29] TikTok is highly addictive and has a powerful algorithm that tailors to a user's preferences. Instagram and other apps are trying to copy its success. Concerns arise over its safety and effects on users, especially children and those with attention issues, requiring regulations.
[00:14:57] Data privacy laws are crucial for people who don't have time to limit their phone and social media use. Bipartisan support exists for children's data and app time protection, but comprehensive legislation is still needed.
[00:18:54] US government lags behind in technology; modernization is a key issue for federal agencies and Congress has formed an IT Modernization Committee to improve it, but bureaucracy and political battles affect appropriations for IT modernization.
[00:22:31] Caps on spending for agencies may hamper modernization efforts.
[00:24:18] Budget cuts expected on unspecified agencies and programs; impact and details unknown. Reporting on changes to come. Cybersecurity noted.
[00:25:50] Journalists rely on trust to get information and protect sources. Most people's comments are not newsworthy, and journalists don't report everything they hear. Building relationships and protecting sources is important for breaking good...
Nihal Krishan, Tech Reporter at FedScoop, joins Carolyn for a special two-part episode to talk about some of the hottest topics in government tech. In Part 1, Nihal gives some eye-opening insight on all things ChatGPT including security, privacy, and national bans.
Episode Table of Contents
[0:25] Introducing Our Guest, Nihal Krishan
[7:39] We Need to Upskill
[15:45] How the U.S. Government Is Dealing With ChatGPT
[23:00] Stanford University Human Centered Artificial Intelligence Index Report of 2023
Episode Links and Resources
Nihal Krishan
FedScoop
Stanford University Human Centered Artificial Intelligence Index Report
Col. Candice Frost, JIOC Commander at United States Cyber Command, joins Carolyn and Mark to talk about her journey as a lifelong learner, and how she is applying her skills to the innovative work at Cyber Command. From the importance of public-private partnerships, to teaching our kids healthy cyber security habits, Col. Frost offers her valuable insights on how we can all think innovatively and better secure our nation.
Episode Table of Contents
[0:29] Col. Frost's Journey to Being the JIOC Commander at US Cyber Command
[8:04] How US Cyber Command Came to Be
[16:04] Understanding the Nature and Psychology of War
[23:35] The Parts Played by US Cyber Command in Our Security
[30:46] The Thrill of Working at US Cyber Command
[37:55] How US Cyber Command Keeps Everyone Safe
[44:31] Nothing is True and Everything is Possible
Episode Links and Resources
Col. Frost LinkedIn
U.S. Cyber Command
Afternoon Cyber Tea
Click Here Podcast
Spies Lies and Algorithms
Nothing is True and Everything is Possible
The Wires of War
Commander Jonathan White, Cloud and Data Branch Chief at the United States Coast Guard, joins Carolyn and Mark to talk about the groundbreaking developments his team is doing with C5I. Commander White stresses the importance of public-private partnerships, and gives tips on how agencies can better approach the future of technology.
Episode Table of Contents
[0:33] What Is C5I?
[7:54] What Are the Goals of C5I
[15:12] What the Future Holds for C5I
[22:35] Commander White's Favorite Project Pre C5I
[29:39] What Role Has Industry Played for C5I
[35:14] Pieces of Advice
[40:23] From the First Piece of Technology to C5I
[45:16] Introduction to AI
Episode Links and Resources
Commander White
USCG
Hack Your Bureaucracy
Stephen Magill, Vice President, Product Innovation at Sonatype, dives into the complexities of open source and software security. Find out how government agencies are utilizing open source, and what Sonatype is doing to help secure our most trusted software.
Episode Table of Contents
[0:23] The Core Focus Area of Open Source Technology
[7:24] The Security Measures Open Source Implements
[14:32] A Vulnerability in the Open Source
[21:42] The Vulnerability Log4j Poses in the Open Source
[29:06] Identifying the Root of the Problem
[36:01] Watching Out for Malicious Code
Episode Links and Resources
Stephen Magill
Sonatype
Sonatype Safety Rating
Maven Central
Billy Mitchell, Editor-in-Chief at FedScoop, joins Carolyn to discuss surveillance, national intelligence, the benefit of partnerships, and more. Billy gives his perspective on today's hot topics in federal technology, and what he thinks may be coming next.
Episode Table of Contents
[0:23] Federal Technology and Its Battle Against Balloons
[7:18] Varying Opinions Towards Federal Technology Problems
[14:41] Federal Technology Embraces Industry Technology
[21:56] Federal Technology Means Business
[29:33] Implementation of Zero Trust in Federal Technology
[36:54] Billy Mitchell's First Encounter With Technology
Episode Links and Resources
Billy Mitchell
FedScoop
The Last of Us
Dan McCune, Deputy Chief Information Officer at U.S. Department of Veterans Affairs, joins Carolyn and Mark to discuss the transformative work happening at the VA. With millions of end users, Dan explains how his dedicated teams are working to make the VA better, faster, and safer for our veterans.
Episode Table of Contents
[0:29] The Place to Go for Veterans Affairs
[7:51] Veterans Affairs Approach Towards Modernization
[14:53] The Forcing Function of Veterans Affairs
[21:48] Veterans Affairs Makes Things Easy for Veterans
[31:29] How AI Can Improve Veterans Affairs Services
[40:44] The Next Big Leap in Technology
Episode Links and Resources
Daniel McCune
VA
Competing in the Age of AI
Innovator's Dilemma
Atomic Habits
The Power of Full Engagement
Axis of Awesome
Dimitris Perdikou, Head of Engineering at the UK Home Office, Migration and Borders, joins Carolyn and Mark to discuss the innovative undertakings of one of the largest and most successful cloud platforms in the UK. With over 3,000 technical users, and millions of end users, Dimitris sheds some light on his experience with SRE, User Experience, and Service Monitoring.
Episode Table of Contents
[0:21] Inside the Massive Programs That the UK Home Office Offers
[7:00] The Importance of Observing Cost Efficiency
[12:25] The Monitoring Pack of the UK Home Office
[17:59] UK Home Office Take on a Good User Experience
[24:09] Why UK Home Office Didn't Have to Reinvent the Wheel
[30:20] Let the Experts Do Their Job
Episode Links and Resources
Dimitris Perdikou
UK Home Office
NCSC
The Happiness Lab
The Art of Happiness
Jamie Holcombe, Chief Information Officer at USPTO, joins Carolyn and special guest host Willie Hicks to talk about Zero Trust, PMO, encryption and more. Listen in to learn about the innovative steps USPTO has taken to develop New Ways of Working.
Episode Table of Contents
[0:41] Zero Trust According to Jamie Holcombe, CIO of USPTO
[7:56] The Effects of Reauthentication
[13:09] You Need to Have a Focus and a Mission
[18:46] New Ways of Working
[25:43] Not Everything Needs to Be Protected
[32:59] USPTO's Four Pillars of Intellectual Property
Episode Links and Resources
Jamie Holcombe
USPTO
For All Mankind
Foundation
Willie Hicks, Dynatrace's Federal Chief Technologist, recently appeared on the Federal Tech Podcast. It is such a great interview we wanted to make sure our Tech Transforms audience got to listen. Enjoy this crossover episode with Federal Tech Podcast!
Episode Links and Resources
Ep. 42 Vulnerability Management for Federal Systems
Federal Tech Podcast
Willie Hicks
Nicolas Chaillan joins Carolyn and Tracy to shed some light on his experience in the Air Force and gives his thoughts on government movement in the past year. Nicolas talks about the importance of social media privacy and protection.
Episode Table of Contents
[0:59] Introducing Our Guest, Nicolas Chaillan
[10:06] Have We Regressed in Cyber?
[17:58] There Is a Reward for Not Taking Risks
[24:29] The Worst Thing That Ever Happened Was Agile
[31:46] The Amount of Information TikTok Gather
[40:17] We Need to Teach the Basics of Life to Kids
Episode Links and Resources
Nicolas Chaillan
LinkedIn
In goodbye message, Chaillan unloads his frustrations over DoD's technology culture, processes
John Curran, Executive Editor at MeriTalk, joins Carolyn to discuss 2022 technology trends and shares his predictions for federal technology in 2023.
Episode Table of Contents
[0:25] The Armchair Quarterback
[8:08] Are There Agency Efforts in 2022?
[15:45] Technology Trends on Implementing DevSecOps
[21:36] The Big Technology Trends Coming on 2023
[26:56] Technology Trends Need to Be User Friendly
Episode Links and Resources
John Curran
MeriTalk
Max Hastings
Andrey Zhuk, Federal Security Architect at CTG, joins Tech Transforms to unpack the topic every agency is talking about: cybersecurity mandates. Listen in to learn more about Andrey's recent eBook breaking down who mandates affect, why they are important, and how agencies can successfully meet requirements.
Episode Table of Contents
[00:24] Introducing Our Guest, Andrey Zhuk
[08:48] The Rate of Change in Cybersecurity Mandates
[18:43] Break and Inspect
[28:26] Show Progress on Cybersecurity Mandates
Episode Links and Resources
Andrey Zhuk
Conversational Application Management for Federal Government eBook
Mandates - 1428
OMB 2209
Ray Dalio Principles
We Crashed
Duong Hang, Deputy Director at the Department of Defense Platform One, joins Tech Transforms to address a topic that's been circulating recent headlines: Psychological Safety. Listen live as Carolyn and Tracy learn how agencies and organizations can implement psychological safety to improve retention and operations.
Episode Table of Contents
[04:00] What Is Psychological Safety
[10:35] The Challenge of Safeguarding Employee's Psychological Safety
[19:48] Command and Control
[28:56] Closer Proximity Help Build Psychological Safety
[35:56] Psychological Safety Starts From the Top
[44:14] Psychological Safety Can Be Observed
Episode Links and Resources
Duong Hang
DoD Platform 1
Think Again
Paul Puckett, Director of the Army's Enterprise Cloud Management Agency, joins Tech Transforms to shed some light on one of government technology's most used buzzwords: Zero Trust. Listen in as Carolyn and Tracy learn what it really means to remove implicit trust and how agencies are prioritizing user experience and data protection.
Episode Table of Contents
[01:03] The Enterprise Cloud Management Agency
[10:41] The Context of Zero Trust
[19:55] A Zero Trust Reference Architecture
[29:28] Protecting the Data that Falls to the Zero Trust Architecture
[39:00] The Traditional Dogma
[50:07] Data Sharing on Zero Trust
Episode Links and Resources
https://www.linkedin.com/in/paulbp3/ (Paul Puckett)
https://www.army.mil/ecma (ECMA)
https://www.whitehouse.gov/wp-content/uploads/2022/01/M-22-09.pdf (White House Memo on Zero Trust)
https://csrc.nist.gov/publications/detail/sp/800-207/final (Zero Trust Architecture)
Ross Wilkers, Senior Staff Reporter at Washington Technology, talks to Carolyn and Mark about some of the hottest topics in government technology news. With insight on the 2023 Defense Funding Bill, government contracting and Alliant 3, Ross provides a unique perspective on what defense IT teams may see in the coming months.
Episode Table of Contents
[00:56] Government Contracting and Government Technology News
[09:21] Programs to Help Agencies
[20:08] Fishing on a Boat for Government Technology News
[31:37] Government Technology News Just Dominate
[41:03] Trying to Capture HQ2
Episode Links and Resources
https://www.linkedin.com/in/ross-wilkers-9256a371/ (Ross Wilkers)
https://washingtontechnology.com/podcasts/ (Project 38)
https://appropriations.house.gov/news/press-releases/appropriations-committee-releases-fiscal-year-2023-defense-funding-bill (2023 Defense Funding Bill)
https://washingtontechnology.com/contracts/2022/08/gsa-sketches-out-timeline-alliant-3-first-glimpse/375970/ (Alliant 3)
Amy Belcher, Independent Software Vendor Sales and Go To Market Leader at Amazon Web Services, joins Tech Transforms to talk about her team's mission to satisfy compliance for agencies across the globe. With speed to deployment, flexibility and security, Amy and her team support organizations maximizing local control and global reach.
Episode Table of Contents
[00:52] The Importance of Industry Partnerships
[08:19] Productive and Creative Partnerships
[18:24] The Depth of Partnerships
Episode Links and Resources
https://www.linkedin.com/in/amybelcher/ (Amy Belcher)
https://aws.amazon.com/government-education/ (AWS)
https://www.amazon.com/Five-Dysfunctions-Team-Leadership-Fable/dp/0787960756 (The Five Dysfunctions of a Team)
https://www.amazon.com/Never-Split-Difference-Negotiating-Depended/dp/0062407805 (Never Split the Difference)
Colin Demarest, Defense Networks and Cyber Reporter at C4ISRNET, joins Tech Transforms to talk about some of his recent articles focused on 5G, aerial networks, and upcoming Capability Sets. Listen in as Carolyn and Mark learn about the ever-evolving field of defense and what emerging technology can do to support the mission.
Episode Table of Contents
[00:30] Getting to Know Colin Demarest, a Defense Networks and Cyber Reporter
[08:45] 5G Defense Investigation
[12:28] Issues of Compatibility in the Defense World
[17:51] Capability Sets 21 and 23
[25:25] Another Layer of Defense
Episode Links and Resources
https://ctdemarest.wordpress.com/photography/ (Colin Demarest)
https://www.c4isrnet.com/ (C4ISRNET)
https://www.ronaldcwhite.com/books/american-ulysses/ (American Ulysses)
https://jonathanalter.com/work/his-very-best-jimmy-carter-a-life/ (His Very Best)
Daniel Chenok, Executive Director at IBM Center for The Business of Government, joins Carolyn and Mark to talk about the importance of AI in the field. From democratizing data to improving office operations, application research is a key component for any government agency looking to integrate artificial intelligence into their mission.
Episode Table of Contents
[01:02] A Top Government Story
[08:33] How AI Enables Us to Do Our Jobs Better
[17:36] The Challenges We Have on Cybersecurity
[28:47] What Does Research Tell Us About AI?
[36:29] How AI Can Solve Problems at a National Scale
[44:40] How to Implement AI
Episode Links and Resources
https://www.linkedin.com/in/chenokdan/ (Daniel Chenok)
Email: chenokd@us.ibm.com
https://www.businessofgovernment.org/ (Business of Government)
https://www.ibm.com/security/services/us-federal-cybersecurity-center (Center for Government Cybersecurity)
https://governmentciomedia.com/socom-cdo-digital-transformation-depends-ai (SOCOM CDO: Digital Transformation Depends on AI)
https://www.nextgov.com/ideas/2022/02/building-cybersecurity-workforce-america-needs/361514/ (Building the Cybersecurity Workforce America Needs)
Rick Stewart, Chief Software Technologist at DLT Solutions, joins Tech Transforms to give insight on Open Source, Platform One, and DORA initiatives. Listen in as Carolyn and Mark learn about the importance of focusing on the right metrics when managing security bottlenecks.
Episode Table of Contents
[00:48] Old Ways of Doing Things
[11:55] Security Metrics That Need Improvement
[22:54] Deploying Security Metrics Using Scheduling Techniques
[33:19] Continuous Authority to Operate Security Metrics
Episode Links and Resources
https://www.linkedin.com/in/rick-stewart-09618015/ (Rick Stewart)
https://www.dlt.com/ (DLT Solutions)
https://www.amazon.com/Beyond-Order-More-Rules-Life/dp/0593084640/ref=asc_df_0593084640/?tag=hyprod-20&linkCode=df0&hvadid=509494905560&hvpos=&hvnetw=g&hvrand=15582897620124099519&hvpone=&hvptwo=&hvqmt=&hvdev=c&hvdvcmdl=&hvlocint=&hvlocphy=9030451&hvtargid=pla-1065603015754&psc=1 (Beyond Order)
Old Ways of Doing Things
Carolyn: Today, we get to talk to Rick Stewart, a good friend. Rick Stewart is a Chief Software Technologist at DLT for more than 34 years. Do you really want me to tell people that Rick? That makes you sound super old?
Rick: No, it has some relation to the old way of doing things, traditional ways.
Carolyn: He knows the old stuff and the new stuff with 34 years of diverse experience in the IT industry. He's progressing through technical and leadership roles in telecommunications, mobile entertainment, the federal government, and the manufacturing industries. Today, Rick is joining us to talk about DevOps research and assessments, or DORA, a term that is new to me. He'll also talk about the four key metrics for increasing efficiency and delivering service. He will discuss how Platform One has advanced the cultural transformation to DevOps.
Mark: Welcome Rick. By the way, Rick started this when he was six.
Carolyn: That's right. I'm going to be honest. I've been in the industry for a while, and I have never heard the term DORA. DevOps Research and Assessments make sense. I just haven't heard the acronym. They have four key metrics for increasing efficiency in delivering service. Those metrics are deployment frequency, lead time for changes, change failure rate, and time to restore to service. Will you unpack those for us?
Rick: It's interesting that you say that because I attend several different events and conferences where we have, especially in the public sector, astute people that have lots of experience.
Security Metrics As a First-Class Citizen
Rick: They're on this journey of DevOps or in the public sector. It's more DevSecOps, bringing security up as a first-class citizen. They were talking about the things that they capture, the journey that they're on, and their improvements. On one of these occasions, DORA was brought up. I think it may be a Q&A panel. It was surprising that a lot of them didn't know what this organization does, especially being so well versed in the cultural transformation, not knowing some of the things to focus on. I thought it was really important to shine a light on.
Carolyn: Is it a federal organization?
Rick: No, it's more of a community-based organization, an industry-based organization. We've got people like Jez Humble and Gene Kim and others that are involved with this. What they do is, they go out and they do surveys of not just the public sector, but the private sector, all organizations globally. They basically give them surveys and they talk about their experience, where they're at in the spectrum of their journey, and what they have discovered through this analysis. It's a really deep, long analysis. There's a book called Accelerate that was done by Nicole Ferguson. She has a PhD and took lots of painstaking analysis of these organizations and these teams and asked them a series of questions. What it boiled down to is
Willie Hicks, CTO of Public Sector at Dynatrace, joins Carolyn and Mark to unpack the recent ATARC event: Improving the User Experience in a Zero Trust World. At this federal breakfast summit, sponsored by Dynatrace and Amazon Web Services, we heard from some of the most prominent technology leaders focused on Zero Trust including Nicole Willis, Jamie Holcombe, Mickey Iqbal, and more. Listen in as Mark and Willie give highlights and takeaways from the event. Be sure to follow the link in the show notes to see the full event on-demand!
Episode Table of Contents
[00:30] Guest Speakers at the ATARC Event: Improving the User Experience in a Zero Trust World
[07:55] Zero Trust Should Be a User Experience Enabler
[14:41] OMB Is Pushing to Move Too Fast
[20:05] How to Ensure Zero Trust Does Not Disrupt the Employee User Experience
Episode Links and Resources
Guest Speakers at the ATARC Event: Improving the User Experience in a Zero Trust World
Carolyn: So today we're reviewing top takeaways from ATARC's Federal Breakfast Summit, Improving the User Experience in a Zero Trust World. Which those two things, user experience, and zero trust, are kind of a direct conflict for me, but we'll get to that. The conference was sponsored by AWS and Dynatrace, and it's available on-demand for our listeners at ATARC.org. Also, we have Willie Hicks, our Federal Chief Technologist at Dynatrace. Willie, you were a keynote speaker at the event. I'm too biased to say you were my favorite so I won't say that. I mean, everybody was really good. Jamie was super exciting. Let me just review who our speakers were. So our keynote speaker around zero trust was Grant Schneider. He brought a really interesting perspective because he's former White House. So he was the senior director of cybersecurity services. So former federal CISO, and now he's in industry at Venable. Then we had our next keynote around the user experience was the very entertaining Jamie Holcombe. He's the CIO at U.S. Patent and Trademark Office. And then my favorite, Willie, Federal Chief Technology Officer here at Dynatrace. Then we had a panel that brought the user experience and zero trust together and how we reconcile those two and how they work together. And on that panel, we had Nicole Willis, Chief Technology Officer, OIG, at the U.S. Department of Health and Human Services.
Is User Experience Unrelated to Zero Trust?
Carolyn: Jamie came back on the panel. We had Mickey Iqbal, he's the Public Sector Solution Architect and Chief Technologist at Amazon Web Services. Willie on the panel. And then we had our moderator, Tom Suder, who's fantastic. He's been in this business so long that he had a lot of really good insights too. Now that I've given our listeners the overview of who participated, first of all, I was thrilled to see that we had a packed room. We had a standing room only, and that was really, really nice to see. It was lovely to have people in person and to be able to interact with one another personally. So, all right, let's get to the first question. Today, Mark, you're less of a co-host. I want to hear your opinions about what your takeaways were from that day. So around the user experience and zero trust, did you have any aha moments? What were your favorite moments? Tell me your feelings about the day.
Mark: Well you know, from my perspective, coming from industry and Dynatrace, I think we think of end-user experience as something different related to zero trust. So we think of it differently.
Carolyn: And at odds with each other.
Mark: Yes. Well, I get the feeling more and more, it's more how the end-user navigates the security protocols and processes to accomplish the end goal. Which is not their problem of zero trust, which would be the agency's problem.
How the End-User Navigates the Security Protocols
Mark: And so the agencies think of end-user experience in that light as opposed to we think of it in a different way as it relates to somewhat the...
This week, Carolyn is joined again by Bob Stevens, AVP Public Sector at GitLab, this time to talk about the power of hyperautomation. Listen in as Carolyn learns what can be gained through fast, accurate application security.

Episode Table of Contents
[00:32] What is Hyperautomation
[09:02] What Has Changed in Hyperautomation
Episode Links and Resources

What is Hyperautomation

Carolyn: I'm excited to welcome back Bob Stevens, Area Vice President of Public Sector at GitLab. Bob is a seasoned veteran in public sector technology with over 36 years of experience. As the AVP at GitLab, he is responsible for helping government organizations become more productive, efficient, and effective. Bob has experience on both the industry and the government side of things. Prior to industry, he served in the United States Air Force as a computer specialist at the White House Communications Agency. Today, we are going to talk about artificial intelligence, machine learning, and what hyperautomation is exactly. Why Bob thinks it will be 2022's biggest trend. Bob, welcome back to Tech Transforms.

Bob: I'm happy to be here. Thank you. Appreciate it.

Carolyn: I'd like to talk about an episode that you just did with GovExec Daily. And on this episode, you mentioned that hyperautomation will be 2022's biggest trend. I'm going to be honest. I haven't really heard hyperautomation. And I get automation. I can deduce what hyperautomation is, but I would love for you to explain it to me. What's the difference between automation, hyperautomation, DevOps, all of that?

Bob: Yes, I mean, it's the strict definition of the word. It's rapidly identifying, vetting in automated processes in order to produce whatever it is that you're working on as fast as you possibly can. And it trends today because if you think about the government space, they have a lot of compliance issues that they need to deal with.

The Benefits of Hyperautomation

Bob: If they can automate those compliance processes and ensure that when they build software, in the end it's going to be compliant and they don't have to go back and vet it. I mean, that's going to save them a world of time.

Carolyn: Are you talking about missed compliances, automating some of those missed controls? There's 300 of them, I think.

Bob: Yes, those. I think you're talking about FedRAMP.

Carolyn: Yes. One of. Or authority to operate has all of those. Right? I mean, I don't know all the details.

Bob: Yes, no. There's the STIGs. That the government has to put all software through and that's all about compliance. The government has to get the authority to operate, ATOs, for everything that they run.

Carolyn: And renew them every two or three years.

Bob: Or sooner. It depends on how much of a change occurred in the application. If you can hyperautomate all of that by the use of AI or machine learning. Again, and so by the time you produced that software, all those compliance issues are addressed. You know they're addressed because you've got confidence in the system and the way that it was done. It didn't require as little human intervention as possible, which is unfortunately, where some mistakes are injected. Then you've saved a world of time and you've made life really, really easy for the folks that are doing the development. As well as the folks that are using the applications in the end. Because they don't have to sit and wait to get the authority to operate, which sometimes can take a year.

The Bad News: We Haven't Tried Hyperautomation

Carolyn: Is the differentiator between automation, DevOps, and hyperautomation really adding in, automating those compliances? And are you telling me that that hasn't happened before now?

Bob: Unfortunately, it has not happened. I mean, that's evident by the fact that the government still has to produce ATOs and they still are doing STIGs at the end of the development cycle. Unfortunately, it hasn't happened. I think the government will embrace it and has...
Sara Jones, CEO of InclusionPro joins Carolyn and Mark to talk about all things diversity, equity, and inclusion. Sara explains gaps in authenticity and perception and gives tech leaders everywhere new goals to strive for when it comes to company culture.

Episode Table of Contents
[00:54] Why We Always Go Back to Company Culture
[10:38] How Leaders Respond to Employees' Desire
[23:03] What Attracts People of Color to Apply
[30:54] Why Leaders Avoid the Important Things About Company Culture
[41:37] What Technology Can Never Replace
Episode Links and Resources

Why We Always Go Back to Company Culture

Carolyn: Today I am really happy to have Sara Jones with us. Sara's a friend and we've spoken before. Almost all of our guests, even though we're talking about tech, they always go back to culture. We're going to talk about that with Sara today. Sara Jones is the CEO of InclusionPro. She has over 20 years of experience in technology, business development, law, and leadership. You were a practicing attorney, right Sara?

Sara: For 10 years. I'm still recovering.

Carolyn: So as the CEO of InclusionPro, her mission is to guide leaders in building inclusive company culture that promotes team performance and team innovation. She's written a book recently called Inclusive Leadership and the Authenticity Gap, that we get to talk about today.

Sara: Thank you. And this is a fun opportunity for me to merge my love of technology with diversity, equity, and inclusion. As most folks know, it is pretty hard to do. I've had a couple of decades talking about this, so hopefully, we can share some really great learnings. Most importantly, I think for the folks listening that might be thinking "DEI again."

Carolyn: Which stands for?

Sara: Diversity, Equity, and Inclusion. A lot of things have shifted. I think a lot of folks come to this type of conversation with the old thinking in mind. I'd just like to invite listeners to get rid of what you know. Just be open to hearing some new thoughts around diversity, equity, inclusions, and things that we're able to do now that we weren't able to do even five years ago. That's my little plug for saying, "Open-minded today?"

InclusionPro

Carolyn: That leads really nicely into my first question about being a recovering attorney, your love for tech. What inspired you to create InclusionPro?

Sara: InclusionPro is the end of a long 20-year journey having diversity, equity, inclusion as part of my personal career journey. Now, it may not be part of everyone's and a significant part of that is because I did start in patent law. Having an engineering degree and a law degree, put me in an industry that had only 5% women and people of color. I get a lot of people that are like, "Oh, our industry has no women." I'm like, "Yes, I've been there." I actually know what it's like. It's not like I came from academia or some area that was just flushed with a lot of diversity. I have lived this and I understand the impacts of it at a very personal level. But I also have been an executive. I know the challenges of being an executive, those operational aspects and how it really works in business. There's some big misalignments that can happen that we need to talk about when we get to this idea of authenticity. What is the individual need versus the larger organizational needs? Those can be very complex, very hard. I think it's something unique that I've been able to understand over my time. That makes me uniquely positioned to be able to help executives in this journey where most of them haven't been in this conversation. I think white men are more recently joining the conversation, which is very exciting. But you got a lot of employees saying, "What about social justice? What about this? I'm not seeing this statement. Where's this ERG, where's this, you're not committed."

How Company Culture Makes It Challenging to Be a Leader

Sara: It can be really challenging to be a leader. Being able to frankly, make a...
Join us on Tech Transforms Federal News Round-up segment, So What? Hosted by Carolyn Ford and Tracy Bannon. This week, we talk to Elizebeth Varghese, Global and Americas Leader – HR Transformation Client Offerings at IBM about one of the biggest topics in federal news: remote work. Listen in to find out how agencies can implement a smarter protocol, how remote work impacts the trust equation and the role technology can play in the workforce culture.

Episode Table of Contents
[00:40] The Future of Work for Federal Employees
[11:28] Work-Life Balance Expectations in a Remote Work
[19:01] Big Push in In-Person Protocol
[26:12] Do You Need a Home Office for Remote Work?
[32:01] Provide Options to Persuade People to Stay and Junk Remote Work
[39:04] The People Who Are Not Approving Remote Work
Episode Links and Resources

The Future of Work for Federal Employees

Carolyn: This month, we're hosting Elizebeth Varghese, Global & Americas Leader: Client Offerings in Talent and HR Strategy at IBM. And outside of IBM she's an active board member at South Asian Youth Action, a nonprofit providing after-school programming, education, and college support. She was recognized as Global Top 100 Influencer in HR for 2020. And we are glad to have you joining us today, Elizebeth, to discuss returning to the office, the great resignation, and companies potentially switching to a four-day workweek hybrid, all of that. Welcome Elizebeth, how are you?

Elizebeth: Great, thank you so much, Carolyn. Wonderful and delighted to be here. Great to be back on here with Tracy as well, friend from a couple of years ago as we've been going through some of these pandemic podcasts. So thank you for inviting me and I am looking forward to this.

Carolyn: Yes, well this one's going to be a fun one and it might get a little heated. I've already seen some stuff on LinkedIn. I'm like, oh, that gets my blood boiling about returning to the office. And I want to start off with a question, there's an article called "Three ways the future of work must change for federal employees." The article states that at the end of the day, we need to have an IT and HR Alliance. This was due to exceptional communication between the agency's chief information officer and HR functions. In your experience, is the relationship between IT and HR something government agencies need to improve on? And industry too?

Does the Relationship Between IT and HR Need Improvement?

Elizebeth: Now what we've seen, the pandemic is highlighted so nothing new. This was happening for a while. I have to preface it with that. Because I think in lots of our conversations we hear this thing about, hey, this is what the pandemic caused. The pandemic caused a lot of suffering and hardship for many people, but it highlighted things that were in play for many years. And the fact the intersection of HR data and how IT's using it and accessing it has been an eternal problem. It's been going on for many years. But things came to a head when we were forced to be virtual in the federal sector and in the commercial sector. People realized that that intersection hadn't really been explored. It hadn't been addressed. It hadn't been managed in a sufficiently coherent fashion. There were a couple of reasons for that and some folks in the federal sector or commercial, the reason I say that is because this is a universal problem. It's not endemic just to one sector and we should take that. But when the pandemic hit, there were lots of tropes. Even before that around what can be done remotely, what data can be accessed in what fashion, what is secure and not. What the pandemic highlighted is that those issues were not really based upon real cybersecurity issues or access issues or single sign-on issues. They were really managed or impacted by cultural constructs of where work can be done. A great example of this is if you think about our friends on Wall Street, you could not do investment banking or
Bob Stevens, AVP Public Sector at GitLab joins Tech Transforms to talk about the imperative mission of DevOps to combine efficiency, speed and security. With emphasis on empowering teams to fail fast, moving security to the left, and a deep dive into Platform 1, you won't want to miss this episode!

Episode Table of Contents
[00:27] DevSecOps' Speed of the Mission
[09:02] The Cultural Shift That Needs to Occur to Upgrade the Speed of the Mission
[19:21] The Future of DevOps
Episode Links and Resources

DevSecOps' Speed of the Mission

Carolyn: This week Bob Stevens, Area Vice President of Public Sector at GitLab is joining me. Bob is a seasoned veteran in public sector technology with over 25 years of experience. As the AVP at GitLab, he is responsible for helping government organizations become more productive, efficient, and effective. Bob also has experience on both the industry and the government side of things. Prior to industry he served in the United States Air Force as a computer specialist at the White House Communications Agency. I am excited today to dive in and talk about the ways that we can use DevOps to modernize and secure government IT, and what the outlook for DevOps is. How are you doing, Bob?

Bob: I'm doing great. The weather's getting better in DC, so it's good to see the sun from time to time versus what we've had. But yes, doing fantastic.

Carolyn: Well, good to hear it. So let's just dive in. And let's walk through what DevOps is and why implementing these practices is critical to helping modernize and improve government IT?

Bob: Great. So I guess DevOps is combining efficiency, speed, and security all into one. And creating software at what I like to refer to as the speed of the mission for the government. The business side is a little different. But for the government, it's all about the mission and you being able to accomplish the mission faster and stay ahead of our adversaries. In the case of DoD and on the civilian side, it's to ensure that all of the citizens that any given agency supports gets the best possible support that they can. If you look at the organizations like the Veterans Administration. You can imagine they've got a lot of applications that they've written.

The Platform the Government Is Looking For to Improve the Speed of the Mission

Bob: To help the vets accomplish what they need to accomplish in a timely manner. So DevOps really will help them to produce the software at speed, more securely, more efficiently, and provide the most or the best service that they possibly can to all of the veterans out there, just as one example.

Carolyn: So, you know Tech Transforms is vendor agnostic. And I would love for you to just take a couple of minutes and talk about how GitLab helps with that. And just what GitLab does. I've read the marketing statements and it's a little nebulous for me. I would love to have you explain what GitLab does and how it's helping agencies achieve this?

Bob: I appreciate that you're letting me do this in a vendor-agnostic community. I mean, there are a lot of tools that are required to produce software. But the way that the industry or the government in particular is heading, and you can see this in some of the articles that DoD has recently released. Is they're looking for one platform that encompasses the entire software development life cycle. As you can imagine right now, I know agencies that have anywhere from 14 to 20 different tools that they're using. And the issue with that is that there's developers that like the tool that they like. So they bring their own and they develop their portion of the software. Unfortunately, when it all comes together, it doesn't always work because they've used different tools across the development organization. And so, with the use of a single platform, you can ensure that at the end, everything is going to work. The nice thing is you can continue to bring some of those other tools. Because they integrate...
Mike Maciag, Chief Marketing Officer at Dynatrace joins Tech Transforms to talk about the power of observability. Careful monitoring is of paramount importance for any successful operation, and observability can take your agency to the next level. Listen in as Carolyn and Mark get some tips and tricks for improving cybersecurity posture with the most accurate technology.

Episode Table of Contents
[00:31] The Vital Role That Observability Plays in IT
[10:40] Observability: When You're Asking the Systems to Share
[22:48] The President's Memo on User Experience
[34:01] Let Machines Do the Stuff That Doesn't Matter
Episode Links and Resources

The Vital Role That Observability Plays in IT

Carolyn: Today, we get to welcome Mike Maciag, who is Chief Marketing Officer of Dynatrace. One of our own, one of the clan is here with us today. And as CMO, Mike is responsible for Dynatrace's global marketing organization. We're really excited to hear his expert opinion on observability and the vital role that it plays in IT, and especially the cloud.

Mike: Thank you, Carolyn. Mark, nice to be with you both today. And I know this is a long time in coming, but I'm excited to be sitting down and talking to you today.

Carolyn: We've been able to talk to a few of our guests a little bit about APM. And just recently we talked to a former CIO at VA. He is very bullish on APM, and he talked a lot about the advances that they were able to make in the VA with APM. Just that at least within the VA, APM moved from a nice to have to a must-have. And what I'd really like to hear you talk about, just to dive right in, Mike, is so there's the APM part. But then in my mind and I might be positioning this wrong. In my mind, I think that observability is like APM 2.0. But can you speak to that APM versus observability? What's the difference?

Mike: As long as we're talking about terms, we might want to mix monitoring in there as well. All terms that are thrown around, is it monitoring, is it APM, is it observability? And it's changed, it's changed a lot. Let me start with the simplest definition, then maybe we can unpack it from there. Think of observability as the umbrella term, as the broadest umbrella term that goes above all of this.

Monitoring, APM, Observability

Mike: Observability fully includes APM, and observability also subsumes monitoring, both of the things that we've been doing. There are kind of two megatrends in the industry that have been driving this move towards observability. One is the move to the cloud. More and more systems are moving to cloud architectures, probably more important digitally native architectures. We're going from monolithic systems that we could understand, that we could see, that we could touch. We could understand what's happening with them into cloud increasingly complex, even multi-cloud architectures that are driven by microservices and the like. The reason for that movement is it has made digital transformation, application development faster and easier in that regard. Which is this digital transformation fundamentally looking at everything that I've been doing in every aspects of my business. Whether it be on the front end or in the services I provide. Whether it be on the front end or in the backend machine to machine conversations is happening in cloud architectures. And we're trying to figure out how we can automate more of it and things are happening that way. Does that make sense, just from a starting point, from observability's umbrella, fully subsumed monitoring, fully subsumed APM, kind of in that the drivers being cloud and digital transformation making that happen. And I can get into more details.

Mark: That absolutely hits the mark. And we also say end-user performance or experience.

Mike: That's right.

Carolyn: Yes, that sets me straight. Because me saying that observability is APM 2.0 is wrong. APM, like you said, it's underneath observability. It might be, I guess, one way into...