AI is moving fast in federal contracting, but the real opportunity for small businesses may not be where everyone thinks it is. In this episode of FedBiz'5, we break down how AI, cybersecurity, and federal buying are converging, and why that creates both pressure and possibility for small business contractors. Agencies want AI-enabled solutions, but they also need security, governance, data protection, compliance, human oversight, and practical implementation support. That is where small contractors can still break in. You'll learn how AI is showing up in RFIs and RFPs, what “AI security layers” really mean in procurement terms, why CMMC, FedRAMP, CUI, and data governance matter more than ever, and which AI-adjacent lanes may be most realistic for small businesses heading into 2026. If you support cybersecurity, data modernization, compliance, cloud, training, governance, analytics, or mission-focused IT services, this episode will help you see where federal AI demand is headed and how to position before the market gets even more crowded. Visit us: FedBizAccess.com. Need help in the government marketplace? Call a FedBiz Specialist today: 844-628-8914. Or, schedule a complimentary consultation at your convenience.
Axios reported that Twenty, a cyber warfare startup, reached a $1 billion valuation. The development highlights investor interest in defense cyber markets that depend on compliance, accreditation, and long government sales cycles. Companies in this space often pursue FedRAMP, Authority to Operate, and DoD impact level requirements to handle sensitive data. Startups typically progress from SBIR awards and DIU or AFWERX prototypes to production contracts through OTA or traditional procurement. Export controls such as EAR, ITAR, and Wassenaar shape market access and allied sales strategies. Founders will watch for signs that Twenty secures accredited deployments and converts pilots into multi-year agreements. Learn more on this news by visiting us at: https://greyjournal.net/news/ Hosted on Acast. See acast.com/privacy for more information.
The Department of Homeland Security is pushing cyber modernization across civilian agencies through CISA programs such as zero trust implementation, Continuous Diagnostics and Mitigation, and Trusted Internet Connections 3.0. Budget requests have kept CISA funding near $3 billion, supporting multi-year investments in detection, response, and workforce. Leadership from Secretary Alejandro Mayorkas, CISA Director Jen Easterly, and DHS CIO Eric Hysen emphasizes joint defense, binding directives, and cross-component coordination. Workforce constraints persist despite the Cyber Talent Management System, prompting greater use of training and managed services. Acquisition relies on vehicles like FirstSource III, PACTS III, GSA MAS, NASA SEWP, and CDM DEFEND task orders. Compliance requirements now center on OMB secure software guidance, NIST control baselines, FIPS 140-3, and FedRAMP. Vendors that map capabilities to CISA's Zero Trust Maturity Model and prepare attestations and authorizations can better align to agency buying priorities.
Outcome-based managed security and attached vendor warranties are driving a new form of coverage-based vendor lock-in for MSPs and IT service providers. Vendors such as Intezer and SPECTRA are introducing performance guarantees, SLAs, and cyber resilience warranties that require MSPs to fully standardize on their architectures. This evolving model shifts accountability for enforcement and risk management from the individual MSP to the vendor's operating model, thereby altering the independent role of the MSP within client environments. A notable example is Intezer's Amplify Partner program, which asserts that its platform can process 100% of security alerts while escalating fewer than 2% for human review—claims the company frames as outcomes rather than product specifications. SPECTRA's use of certification-linked warranties, distributed via Ingram Micro, establishes channel-distributable assurance products with explicit conditions attached at every level. According to a Check Point report, while 77% of organizations report having adopted AI for cloud security, only 26% feel capable of enforcing those strategies, revealing a gap between security intent and operational ability. This structural shift is further illustrated by Merlin Cyber's FedRAMP managed service offering, Lumen's MDR enhancements targeting mid-market MSPs, and Trustlogix's addition of intent-based authorization controls. The FBI's announcement regarding Microsoft 365 OAuth token hijacking and recent vulnerabilities in widely used platforms like ConnectWise Automate underscore the real-world risks of automation platforms being targeted. These developments collectively point to growing operational complexity, rising compliance burdens, and the need for MSPs to separate their commitments from upstream vendor claims. For operators, the trend demands increased scrutiny of warranty terms, claim denial conditions, and SLA language before making any client-facing assurances. 
MSPs risk absorbing liability if they repeat vendor marketing claims without contractual clarity or operational control. Effective governance now requires independently produced, audit-ready evidence that documents compliance and enforcement separate from vendor portals. As assurance sales proliferate, the operational gap between acting as an underwriter versus a reseller will drive market differentiation, affecting both pricing structures and eligibility for vendor-backed coverage. 00:00 Channel-Ready Security 03:41 Policy vs. Reality 05:59 MFA Isn't Enough 09:12 Why Do We Care? Supported by: ScalePad Moovila
Most people assume national security delays are about technology. They're not. They're about paperwork - and it can take up to two years just to deploy software the government already wants. Andrew Black is a national security entrepreneur, cybersecurity executive, and emerging technology strategist whose career has sat at the intersection of AI, defense, cyber risk, and global security operations. Andrew is currently the CEO of Kovr.ai ( https://kovr.ai/ ), an AI-native cyber compliance platform focused on one of the biggest bottlenecks in modern national security: getting software and cloud systems authorized for use in highly regulated and classified environments. Kovr.ai is using AI to automate complex compliance frameworks like FedRAMP and CMMC, helping organizations become “ATO-ready” (Authority to Operate) in minutes rather than months. Andrew also now serves as Chief Strategy Officer of Fortreum ( https://fortreum.com/ ), which recently acquired Kovr.ai. Before joining Kovr.ai, Andrew led emerging technology initiatives at Amazon Web Services (AWS), where he worked with government leaders on next-generation capabilities spanning artificial intelligence, generative AI, quantum computing, high-performance computing, edge systems, and space technologies. Andrew's career has also included leadership roles at Gartner, advisory work with the Krach Institute for Tech Diplomacy at Purdue, venture investing with NextGen Venture Partners, and teaching national security and data analysis as adjunct faculty at Georgetown University Walsh School of Foreign Service. Earlier in his career, Andrew worked in counter-terrorism, threat modeling, and risk analytics, building data-driven systems to allocate anti-terrorism resources and anticipate geopolitical instability in frontier and conflict-affected regions. A graduate of University of St Andrews and Georgetown University, Andrew has spent two decades helping government and industry navigate increasingly complex technological and security landscapes - and today he's focused on transforming how AI can accelerate trust, compliance, and operational readiness across the defense ecosystem. #AI #Cybersecurity #NationalSecurity #DefenseTech #FedRAMP #CMMC #ATO #ArtificialIntelligence #GovTech #CyberCompliance #CloudSecurity #KovrAI #DoD #ZeroTrust #EmergingTech #Startup #MachineLearning #CyberDefense #FutureOfAI #GovernmentTechnology
The Federal Risk Authorization and Management Program is making a simple word change that will hopefully put to rest some long-standing confusion about the cloud security program. Under the new rules, cloud services the program has approved will be dubbed “FedRAMP certified” instead of “FedRAMP authorized.” Nicole Thompson is the security director for FedRAMP at the General Services Administration. She talked about the latest changes with Federal News Network's Jason Miller. See Privacy Policy at https://art19.com/privacy and California Privacy Notice at https://art19.com/privacy#do-not-sell-my-info.
The episode details a tightening regulatory environment driven by new enforcement timelines for Cybersecurity Maturity Model Certification (CMMC), altering how MSPs and IT service providers are expected to deliver both compliance and operational services for U.S. defense contractors. Structural pressure stems from the Department of Defense making CMMC Level 2 compliance a contractual mandate for approximately 300,000 defense contractors, shifting risk and accountability towards providers who manage compliance workflows, technical environments, and client behaviors. C3 Integrated Solutions and their dual CMMC Level 2 certifications exemplify this transition, with clear implications for co-ownership of compliance outcomes and increased scrutiny on provider practices. The most consequential development is the substantial gap between compliance requirements and the current readiness of the defense contractor base. As of early 2026, only around 8% of contractors have obtained CMMC Level 2 certification, despite enforcement being implemented in contracts starting in November of the same year, according to Dave and Jason. Challenges arise from cost, organizational bandwidth, and complexity, with MSPs serving as pivotal partners to small subcontractors lacking in-house resources for process documentation and change management. Assessment scheduling bottlenecks and insufficient documentation are delaying certifications, increasing risk that many contractors and their service partners will miss the rapidly approaching deadlines. Related developments reinforce the central issue of operational risk and governance complexity. Jason Tierney illustrates the difference between technical compliance and true assessment readiness, citing real-world examples where insufficient evidence and poor understanding of process details lead to significant assessment delays. 
The rise of compliance-as-a-service offerings, enclave computing environments, and specialized governance tooling are attempts to address those gaps, but also introduce new layers of pricing, platform selection, and accountability concerns, especially when third-party tools fail to meet strict requirements such as FedRAMP moderate for handling sensitive data. For MSPs and IT leaders, the shift imposes higher barriers to entry, increased legal and contractual exposure, more rigorous documentation and process controls, and the need for customized delivery models that support both technical defenses and organizational behavior change. Providers must navigate conflicting requirements between specialized regulatory environments and multi-tenant tooling, manage escalating costs for both themselves and clients, and clarify responsibility boundaries in shared compliance scenarios. The requirement for human oversight—particularly in automated or AI-assisted compliance tooling—remains non-negotiable, reflecting the ongoing gap between technical implementation and credible assessment outcomes. Supported by: CometBackup, Moovila, HaloPSA
Podcast: PrOTect It All. Episode: AI Agents & Cybersecurity: Identity, Compliance, and the New Risks Facing IT and OT. Pub date: 2026-05-11. AI agents are changing cybersecurity faster than most organizations can adapt. In this episode of Protect It All, host Aaron Crow welcomes back cybersecurity veteran Ken Foster for a deep dive into how AI is reshaping risk, identity, and resilience across IT and OT environments. With more than 30 years of experience spanning the Navy, manufacturing, fintech, government programs, and startups, Ken brings a grounded, real-world perspective on what organizations are getting right and dangerously wrong about AI adoption. Together, Aaron and Ken explore the growing challenges around AI agents, identity governance, shadow AI, compliance, and attribution in highly regulated industries. As AI tools become embedded into workflows and decision-making, organizations must rethink how they manage access, monitor activity, and maintain resilience against rapidly evolving threats. You'll learn: why AI agents introduce new identity and governance risks; the dangers of shadow AI inside enterprise environments; how AI impacts compliance, attribution, and accountability; why foundational practices like patching, segmentation, and documentation still matter; the role of continuous monitoring in AI-driven environments; how organizations can balance innovation with resilience and control. Whether you're leading cybersecurity strategy, managing critical infrastructure, or navigating AI adoption inside regulated environments, this episode delivers practical insights for securing the next generation of digital operations. Tune in to learn how AI is transforming cybersecurity - and what leaders must do to stay ahead - only on Protect It All.
Key Moments: 07:47 AI guardrails discussion 12:02 Patching and network segmentation 20:44 AI changing job roles 24:24 FISMA and FedRAMP concerns 29:18 Emergency response planning 35:36 Choosing the right tech team 37:14 Discussing accountability and risk 46:31 Developer access problems 51:50 AI Dependence Risks 57:36 AI in pen testing 58:55 AI in risk prevention About the guest: Ken Foster is a veteran cybersecurity leader with 25+ years of experience in enterprise security, risk governance, and global infrastructure strategy. Currently Head of Global Architecture at Adient, Ken has previously led cybersecurity and compliance programs at Fleetcor and Fiserv, specializing in IAM, cloud security, regulatory compliance, and risk-based cybersecurity strategy. He is known for helping organizations balance innovation, resilience, and operational execution in highly regulated environments. How to connect Ken: http://linkedin.com/in/kennethfoster/ Connect With Aaron Crow: Website: www.corvosec.com LinkedIn: https://www.linkedin.com/in/aaronccrow Learn more about PrOTect IT All: Email: info@protectitall.co Website: https://protectitall.co/ X: https://twitter.com/protectitall YouTube: https://www.youtube.com/@PrOTectITAll FaceBook: https://facebook.com/protectitallpodcast To be a guest or suggest a guest/episode, please email us at info@protectitall.co Please leave us a review on Apple/Spotify Podcasts: Apple - https://podcasts.apple.com/us/podcast/protect-it-all/id1727211124 Spotify - https://open.spotify.com/show/1Vvi0euj3rE8xObK0yvYi4 The podcast and artwork embedded on this page are from Aaron Crow, which is the property of its owner and not affiliated with or endorsed by Listen Notes, Inc.
Quiet failures are the ones that scare me most, and enterprise AI creates a brand-new way for them to spread. If a chatbot becomes the “trusted employee” everyone relies on, a slow drip of bad documents, outdated procedures, or deliberately manipulated data can poison decisions for months without a single red flag. We break down what that looks like in real organizations, why it differs from the Hollywood version of a hack, and how the business impact shows up as confident misinformation rather than obvious outages. We also dig into the difference between data poisoning (deliberate manipulation) and data pollution (accidental garbage at scale), then connect it to retrieval augmented generation (RAG). RAG is powerful because it answers from your internal knowledge base, but that same knowledge base becomes the attack surface and the “source of truth” the model won't question. I share practical steps you can take right now: audit what your AI actually trusts, map the full AI contact surface across workflows and repositories, treat the AI pipeline like an untrusted vendor, and assign a named owner for accuracy and security. Then we shift into CISSP Domain 1 practice with exam-style questions that force real trade-offs: using annual loss expectancy (ALE) to recommend a risk treatment to the board, applying NIST RMF guidance even when controls are inherited through FedRAMP, handling an ethics dilemma under the ISC2 Code of Ethics, spotting the biggest BCP gap when RTO and RPO targets collide with backup frequency, and explaining why HIPAA compliance does not automatically equal GDPR compliance for EU citizen data. If you're studying for the CISSP or you're building security controls around AI and cloud systems, this one is built to sharpen both your judgement and your test readiness.
Subscribe, share this with a friend who's deploying AI internally, and leave a quick review so more CISSP candidates can find the show. Gain exclusive access to 360 FREE CISSP Practice Questions at FreeCISSPQuestions.com and have them delivered directly to your inbox! Don't miss this valuable opportunity to strengthen your CISSP exam preparation and boost your chances of certification success. Join now and start your journey toward CISSP mastery today!
Asana CPO Arnab Bose breaks down how AI agents are transforming collaborative work management with multiplayer AI teammates that any team member can coach and correct. Topics Include: Asana is a collaborative work management platform used by 170,000+ companies worldwide. The "Pyramid of Clarity" connects individual tasks all the way up to company strategy. Asana's "work graph" maps tasks, teams, projects, and portfolios in one connected system. Generative AI now converts unstructured data like emails into structured project plans. Asana integrates directly with AWS, Gemini, and Claude to automate that conversion. AI Teammates are first-party agents that take on and complete tasks inside Asana. These agents work in multiplayer mode — visible, collaborative, and team-correctable. A third AI unlock is coming: letting any external agent builder plug into Asana's interface. Asana runs entirely on AWS, including a new FedRAMP moderate GovCloud deployment. AWS Marketplace listings help customers transact faster using existing AWS credits. Arnab advises startups to bet on AWS long-term rather than chasing short-term LLM trends. His 2026 prediction: multi-agent orchestration standards will be the enterprise AI battleground. Participants: Arnab Bose – Chief Product Officer, Asana. See how Amazon Web Services gives you the freedom to migrate, innovate, and scale your software company at https://aws.amazon.com/isv/
Cybersecurity is no longer a nice-to-have for government contractors — CMMC compliance is now a pre-award requirement, and if you haven't addressed it, your proposal may be dead before anyone reads it. In this episode, Eric sits down with a 15-year MIT Lincoln Laboratory veteran whose company now trains US Cyber Command to break down exactly what small and mid-size contractors need to know about cyber readiness in a rapidly shifting AI-driven threat landscape. Here's what you'll learn in this episode: Why CMMC and FedRAMP exist — and why meeting the minimum standard is just the floor, not the finish line, for contractors serious about winning DoD business How AI is accelerating cyberattacks on small businesses — attackers are using the same tools you use to run your business, and they're moving faster than ever What a cyber range actually is and how it works — the fire drill analogy that explains why buying tools without training your team is money wasted The right cybersecurity stack for small contractors — endpoint detection and response (EDR), firewalls, and SIEMs explained in plain language with practical starting points How to stop overspending on tools you don't use — why most CISOs only fully utilize a third of their security tools and how to build a lean, effective stack instead What AI adoption inside your company is actually exposing — prompt injection, data leakage, and the governance controls that protect your sensitive contract data EPISODE CHAPTERS: 0:00 - Sponsor message and why cybersecurity just became mandatory 0:53 - Introducing a 15-year MIT Lincoln Lab cyber expert 6:01 - How the guest built cyber infrastructure for national defense 7:25 - What cyber ranges are and how they work for DoD training 9:16 - The fire drill analogy for understanding cyber readiness 11:07 - Why buying tools without training your team is not enough 13:28 - How the threat landscape has evolved from servers to cloud to AI 16:17 - CMMC and FedRAMP explained as a minimum 
bar for contractors 19:38 - The real-world financial losses that finally force action on cyber 25:21 - Building a practical cyber stack for small business contractors 31:17 - How AI is changing team size, efficiency, and detection capability 33:36 - Where AI adoption inside your business is creating new vulnerabilities 37:00 - How cyber range assessments work and how long they take 42:14 - What the next five years looks like for cybersecurity in govcon If you want to learn more about the community and to join the webinars go to: https://federalhelpcenter.com/ Website: https://govcongiants.org/ Connect with Encore Funding: http://govcongiants.org/funding Connect with Lee Rossey: https://www.linkedin.com/in/lee-rossey-0873881/
RSAC Conference 2026 is in the books, and the post-event read is familiar. More vendors, more AI-driven marketing, more noise, and a buyer-side audience that increasingly cannot tell who to trust. Michael Parisi, Chief Growth Officer at Steel Patriot Partners, joins ITSPmagazine for a quick post-event catch-up on what he walked away with, and what is quietly shifting underneath all that volume. The headline takeaway is what Michael Parisi calls the "fog of more." Marketing has done its job too well. CISOs and business leaders facing real decisions cannot tell competing solutions apart, do not know where to start, and are not sure their current stack is even the right one. Too much information has become its own information problem. What is shifting, according to Michael Parisi, is where the meaningful conversations actually happen. Closed-door, hallway, and dinner conversations have always existed at RSAC Conference, but more people are now openly recognizing that this is where the real industry decisions get made. That recognition is changing how teams plan to engage with future conferences and industry events. For Steel Patriot Partners, which describes itself as business owners first, engineers second, and security and compliance practitioners third, that is exactly the conversation they want to be in. This is a Brand Highlight. A Brand Highlight is a ~5 minute introductory conversation designed to put a spotlight on the guest and their company. Learn more: https://www.studioc60.com/creation#highlight GUEST Michael Parisi, Chief Growth Officer, Steel Patriot Partners | https://www.linkedin.com/in/michael-parisi-4009b2261/ RESOURCES Learn more about Steel Patriot Partners: https://www.steelpatriotpartners.com Steel Patriot Partners Assistance Center: https://www.steelpatriotpartners.com View all of our RSAC Conference 2026 coverage: https://www.itspmagazine.com/rsac26 Are you interested in telling your story? 
▶︎ Full Length Brand Story: https://www.studioc60.com/content-creation#full ▶︎ Brand Spotlight Story: https://www.studioc60.com/content-creation#spotlight ▶︎ Brand Highlight Story: https://www.studioc60.com/content-creation#highlight KEYWORDS Michael Parisi, Steel Patriot Partners, Marco Ciappelli, Sean Martin, brand story, brand marketing, marketing podcast, brand highlight, RSAC Conference 2026, RSAC, cybersecurity compliance, fog of more, vendor noise, CISO, GRC, cybersecurity advisory, FedRAMP, CMMC, HITRUST, AI security marketing, hallway conversations, post RSAC Hosted by Simplecast, an AdsWizz company. See pcm.adswizz.com for information about our collection and use of personal data for advertising.
Gov Tech Today hosts Russell Lowery and Jennifer Saha recap this year's RSA cybersecurity conference in San Francisco, noting the event's commercial scale and a smaller, dedicated public-sector track. Key takeaways include how “agentic AI” is moving from buzzword to reality, with public agencies urged to treat AI agents like users—requiring identity and access controls, least-privilege permissions, logging, and auditing—within existing governance frameworks such as FedRAMP, StateRAMP, and NIST. They discuss governance as a primary security control, growing attention to critical infrastructure and physical access as cybersecurity issues, and the challenge of tiny local utilities lacking staff and budgets, suggesting collaboration and shared services. The conversation also flags procurement and tool sprawl concerns, and explores what outcome-based security might mean for measuring automation, effectiveness, and ROI in government contracts. 00:00 Welcome to Gov Tech Today 00:15 What is RSA Conference 00:53 San Francisco Cleanup Talk 01:52 Public Sector at RSA 04:42 AI Everywhere at RSA 05:34 Agentic AI as Users 07:42 Governance as Security Control 09:25 Critical Infrastructure Cyber Shift 10:57 Small Districts Big Risk 12:38 Shared Services and Support 14:20 Procurement Must Catch Up 16:31 Outcome Based Security Metrics 18:09 Wrap Up and Next Year
Let us go through some of the recent updates from the @atlassian ecosystem. #TrelloFedRAMP #TrelloInboxLabels #UpgradeAxios https://www.ravisagar.in/videos/atlassian-updates-ending-trello-inbox-fedramp-trello-labels-upgrade-axios
This episode kicks off the Texas Talks Special Series: AI and Public Policy, a multi-part series exploring how artificial intelligence will reshape governance at every level in the years ahead. Artificial intelligence is advancing at an unprecedented pace — but can government keep up? In this episode of Texas Talks, host Brad Swail is joined by Tanner Jones and Chris Minge, cofounders of Vulcan Technologies, to launch the series with a deep dive into how AI is already transforming the private sector — and why government risks falling dangerously behind if it fails to adapt. Jones and Minge explain how their company is working to bring “frontier AI” into state and federal government, giving policymakers the tools to better understand laws, budgets, and regulatory systems in real time. They argue that without modernization, the gap between private-sector innovation and government capability could grow so wide that it undermines effective governance. The discussion also dives into the structural problems holding government back — from outdated procurement systems to legacy vendors delivering obsolete technology — and how those inefficiencies impact everything from permitting to policymaking. 
The conversation also covers: • Why government technology often lags years behind the private sector • How outdated procurement systems slow innovation and increase costs • The risks of governments relying on outdated AI models • Why AI should serve as a tool for policymakers — not replace them • How Vulcan's platform helps navigate massive legal and regulatory datasets • The challenge of building clean, usable government data from fragmented systems • How AI can reduce months-long processes (like permitting) down to days • The dangers of a fragmented, state-by-state regulatory patchwork • Why startups — not just legacy vendors — are critical to innovation in government • How Texas is positioning itself as a national leader in AI-driven governance • The broader economic and policy implications of AI adoption Jones and Minge also highlight real-world results, including dramatic reductions in time spent on routine government tasks and the ability for public servants to focus more on high-level policy work instead of clerical processes. Looking ahead, they argue that states like Texas that successfully integrate AI into governance will see faster economic growth, more efficient public services, and a stronger competitive advantage — while those that fail to adapt risk falling further behind. 00:00 — Introduction to AI and public policy series 00:27 — Tanner Jones and Chris Minge introduce Vulcan Technologies 01:10 — Founders' background and company origin story 02:28 — The growing gap between private sector and government tech 03:55 — Why outdated government tech threatens the “Republic” 05:10 — Procurement failures and legacy vendors explained 06:59 — Why citizens often have better AI tools than government 07:47 — Are government buyers equipped to evaluate tech? 
09:08 — How AI models rapidly become outdated 10:38 — Concerns about AI accuracy, hallucinations, and control 11:49 — AI as a tool vs decision-maker in government 13:13 — What happens if government falls too far behind 14:38 — Procurement bottlenecks and adoption challenges 16:10 — Vendor lock-in and inflated government tech costs 17:54 — Why Vulcan ships updates differently 18:58 — Real-world use cases: governors and policymaking tools 20:15 — Navigating legal, budget, and regulatory systems with AI 21:26 — Why generic AI tools fail for government use 22:42 — Building massive legal datasets from scratch 24:06 — The challenge of unusable government data (PDFs, scans) 26:17 — Texas innovation and the Regulatory Efficiency Office 27:47 — The risks of a fragmented AI regulatory patchwork 29:20 — Balancing AI innovation with necessary guardrails 31:16 — Compliance challenges and FedRAMP 33:02 — Real-world example: fixing permitting bottlenecks 35:23 — What becomes possible with AI in government 37:08 — Cleaning up contradictory laws and regulations 38:43 — Real results: time savings and productivity gains 41:21 — The future of AI-driven governance in Texas 44:06 — Economic growth and competitive advantage from AI adoption 45:03 — Closing thoughts and where to learn more Watch Full-Length Interviews: https://www.youtube.com/@TexasTalks
The federal government is rapidly adopting artificial intelligence to enhance efficiency and security, but faces challenges including hidden costs from tech companies like Microsoft and Google, which offer AI tools at reduced prices that may lead to increased long-term expenses. Historical transitions, such as the shift to cloud computing, highlight similar issues with oversight programs like FedRAMP, which struggle with limited resources, potentially compromising security. The reliance on third-party assessors, paid by the companies they evaluate, introduces conflicts of interest, complicating the government's ability to ensure secure AI adoption. Addressing these challenges involves strengthening oversight programs, ensuring assessor independence, and evaluating long-term AI tool costs.
The CDC is taking a major step forward in its approach to artificial intelligence with the release of a new four-year AI strategy, aimed at strengthening public health capabilities and modernizing data use across the agency. Outgoing acting Chief AI Officer Travis Hoppe discussed how years of foundational work have positioned the CDC to responsibly adopt and scale AI technologies. He underscored the importance of balancing innovation with federal compliance requirements, including FedRAMP authorization and rigorous cybersecurity standards, while maintaining strong partnerships with industry and state and local partners. As AI capabilities evolve, Hoppe underscores the importance of agility across federal IT leadership — continuously reassessing tools, guidance and workforce readiness to keep pace with a rapidly changing landscape.
At RSAC Conference 2026, the noise is relentless. Vendor booths, AI pitches, and breathless marketing compete for attention at every turn. Michael Parisi, Chief Growth Officer at Steel Patriot Partners, joins Sean Martin and Marco Ciappelli on the ground in San Francisco to name what too few are willing to say out loud: most of the conversation happening on the show floor does not reflect the conversations that actually matter. The real exchanges, Parisi says, are happening backstage -- in the hallways, over coffee, between practitioners who trust each other enough to ask: does this vendor actually do what they say? That shift back to peer-driven trust is not a trend. It is a correction. Security leaders are exhausted and fragile, operating under intense pressure, and they are returning to the relationships they know rather than the research tools and AI-generated answers they do not trust. Steel Patriot Partners was built around exactly that dynamic. Their operating principle -- business owners first, engineers second, compliance and security people third -- runs counter to how most consulting firms approach an engagement. Rather than leading with frameworks or certifications, the team starts by asking what outcome the client is actually trying to achieve. Parisi is candid about how often that conversation leads them to steer a client away from the path they came in convinced they needed. That willingness to say no -- and mean it -- is what sets a trusted advisor apart from a vendor. The outcome-first philosophy shapes every engagement. As founder Jason Ford says, 80% of what Steel Patriot Partners does is a therapy session. Organizations coming in with complex compliance challenges -- FedRAMP, CMMC, HITRUST, DoD IL -- need more than a checklist. They need a partner who has lived those journeys themselves, made the mistakes, and can speak honestly about what is worth pursuing and what is not. 
Parisi's advice to anyone evaluating a consulting partner is pointed: ask the question up and down the team, not just of the founder. The firms that have genuinely lived what they sell -- and can talk about the failures as clearly as the successes -- are the ones worth trusting when the stakes are high. This is a Brand Spotlight. A Brand Spotlight is a ~15 minute conversation designed to explore the guest, their company, and what makes their approach unique. Learn more: https://www.studioc60.com/creation#spotlight GUEST Michael Parisi, Chief Growth Officer, Steel Patriot Partners LinkedIn: https://www.linkedin.com/in/michael-parisi-4009b2261/ RESOURCES Steel Patriot Partners: https://www.steelpatriotpartners.com
This week on the GovNavigators Show, Adam and Robert sit down with Ryan Hoesing, Chief of Staff for FedRAMP, and Nicole Thompson, Security Director, for a deep dive into one of the most consequential federal IT programs undergoing transformation today.
Ryan and Nicole walk through the sweeping changes to the FedRAMP program and explain what the new “FedRAMP 20x” approach means for agencies and industry. They unpack the shift from authorization to certification, the move toward continuous and machine-readable security data, and why redefining FedRAMP's role is critical to making cloud adoption actually work across government.
Show Notes:
Continued DHS appropriations uncertainty
Launch of VP Vance's anti-fraud taskforce
New DEI EO
What's on the GovNavigators' Radar:
Mar 31: Oracle Federal Forum
Apr 8: ACT-IAC Contact Center Summit
The Information's Yueqi Yang talks with TITV Host Akash Pasricha about crypto's "crisis of faith" and why Bitcoin's value has halved since October. We also talk with Elon Musk Reporter Theo Wayt about how the SpaceX IPO hype is boosting—and threatening—the space ecosystem, and Haystack Partner Aashay Sanghvi about the "Big Token" thesis for AI startup exits and making it onto The Information's Next General Partners list. Lastly, we get into the complex world of FedRAMP and regulated AI with M12 Partner Cheryl Cheng.
Articles discussed on this episode:
https://www.theinformation.com/articles/cryptos-nasty-downturn-getting-worse
https://www.theinformation.com/articles/spacex-hype-boosts-stocks-crosshairs
TITV airs weekdays on YouTube, X and LinkedIn at 10AM PT / 1PM ET.
Federal contract proposals don't have to take days to decode — AI tools are changing the game for small business owners competing for government work. In this episode of the Federal Help Center Podcast, Eric Coffey walks through his exact process for using AI-powered platforms to analyze solicitations, identify compliance gaps, and determine whether a contract is even worth pursuing — all in under three minutes.
The structural mechanism highlighted in this episode is the shift of government policy from serving as a regulatory guardrail to acting as a direct steering function in technology selection, shifting liability boundaries and procurement decisions onto MSPs and their contracts. Federal agencies, including the FCC and the White House, are no longer just prescribing security outcomes but are increasingly specifying acceptable inputs such as specific routers, AI contract terms, and cloud platforms, converting technology choices into explicit compliance obligations. A consequential development supporting this shift is the FCC's move to ban imports of consumer-grade routers manufactured outside the United States, a policy change that directly impacts not only residential but also business environments such as home offices and smaller hybrid setups. Additionally, the White House's push for a unified national AI governance framework, rather than a patchwork of state-based rules, further codifies what vendors and MSPs must document and justify in both procurement and ongoing service delivery. Contractual requirements—such as the GSA's draft AI clause—are moving compliance from best practice guidance to enforceable terms, influencing which vendors can bid for federal contracts and what they must attest to regarding AI-enabled services. Related stories underscore the tightening of enforcement through procurement and certification gates. The transcript cites the FedRAMP system as an example, where conditional approvals and review backlogs highlight operational challenges and reinforce how authorization is less about technical sufficiency and more about meeting buyer and audit expectations. The trend toward requiring supply chain and AI attestations by default in master service agreements is consolidating vendor choice around those that can produce defensible documentation, while increasing burdens for those unable to do so. 
For MSPs and IT providers, the practical implications are increased operational complexity and contract risk. Vendor selection now carries liability exposure that extends beyond technical performance to proving decisions in audits, insurance reviews, and contract disputes. Maintaining evidence-ready reports for backup, recovery, and AI governance is no longer optional, as the inability to produce such proof can result in being excluded from regulated verticals. The expected tradeoff is a consolidation of vendors and solutions, weighted toward those who offer prepackaged compliance and attestation capabilities, but with an accompanying risk of over-dependence and concentration.
00:00 Contract Conditions
02:53 Gates, Not Laws
04:34 Compliance Consolidates
07:30 Why Do We Care?
Supported by: ScalePad, Nerdio
(Presented by Thinkst Canary: Most Companies find out way too late that they've been breached. Thinkst Canary changes this. Deploy Canaries and Canarytokens in minutes and then forget about them. Attackers tip their hand by touching 'em giving you the one alert, when it matters. With zero admin overhead and almost no false-positives, Canaries are deployed (and loved) on all 7 continents.) Three Buddy Problem - Episode 90: We remember GReAT teammate Sergey Mineev, the legendary malware hunter behind discoveries like Equation Group and Project Sauron (Remsec), including stories about his methods and why he was the best to ever do it. Plus, another in-the-wild iOS exploit kit discovery and a long overdue conversation about Apple's responsibility to hundreds of millions of users on older iOS versions; the ProPublica Microsoft/FedRAMP bombshell, Interlock ransomware sitting on a Cisco zero-day, the White House AI policy framework, and Supermicro co-founder $2.5 billion AI chip smuggling bust. Cast: Juan Andres Guerrero-Saade, Ryan Naraine and Costin Raiu.
Federal Tech Podcast: Listen and learn how successful companies get federal contracts
Today, we sat down with Trey Ford from Bugcrowd to talk about ethical hacking. One of the most memorable phrases from ancient Rome is Quis custodiet custodes? (Who Watches the Watchman?). This ancient admonition has direct application to federal cybersecurity. We know federal agencies spend millions of dollars to protect data. How does one ensure the contracted companies are doing their jobs? Traditionally, an organization would use penetration testers, contractors, or basic scanning methods. However, today's attack surfaces are expanding, and malicious actors are innovating so rapidly that we are being forced to consider more creative options. In other words, an annual penetration test against an AI-inspired attack is too focused to be effective. The innovation Bugcrowd brings to the table is a community of researchers who can attack a system from many perspectives. During the discussion, you will learn about federal vulnerability disclosure programs, how to overcome talent shortages, and how Bugcrowd vets its research community. Trey Ford also touches on the FedRAMP journey, AI integration, and the evolving cybersecurity landscape, stressing the need for human creativity and dynamic responses to threats. Connect to John Gilroy on LinkedIn https://www.linkedin.com/in/john-gilroy/ Want to listen to other episodes? www.Federaltechpodcast.com
Two very different cyber cases, a DFARS-driven settlement and a criminal indictment involving FedRAMP misrepresentations, are giving contractors a preview of DOJ's posture for 2026. Both point to a more aggressive and more varied enforcement landscape. We're talking through what that means with Andrew Liebler and Lance Taubin of Alston & Bird. See Privacy Policy at https://art19.com/privacy and California Privacy Notice at https://art19.com/privacy#do-not-sell-my-info.
Federal Tech Podcast: Listen and learn how successful companies get federal contracts
Connect to John Gilroy on LinkedIn https://www.linkedin.com/in/john-gilroy/ Want to listen to other episodes? www.Federaltechpodcast.com When people look back on 2025 they will see many changes in the FedRAMP process. It looks like a new administration examined the process, got feedback from companies, and launched new initiatives to speed up the process. During today's interview, Irina Denisenko (Knox CEO) details FedRAMP's challenges and something called "FedRAMP 20x." Knox runs the largest FedRAMP-managed cloud, enabling 90-day authorizations by hosting customers' production environments. Denisenko explains the story of the origin of Knox Systems: she was running a training company and the Air Force wanted to use her product. It would have taken so long to complete the FedRAMP requirements that she just bought a company that was FedRAMP compliant. It is hard to believe that the process is so frustrating that fewer than 500 apps are authorized at moderate/high FedRAMP. The initiative from the GSA is called FedRAMP 20x. It shifts to continuous monitoring and continuous authorization, moving from annual audits (sampled every 3 years) and monthly CVE spreadsheets to real-time, machine-readable data. What Knox offers is a tried-and-true platform that has reduced time for compliance in order to better serve federal needs.
Federal Tech Podcast: Listen and learn how successful companies get federal contracts
Connect to John Gilroy on LinkedIn https://www.linkedin.com/in/john-gilroy/ Want to listen to other episodes? www.Federaltechpodcast.com Way back in 2011, one of the goals of FedRAMP was to eliminate software redundancy. The federal government had evolved to the point where one agency would spend millions of dollars on the same application program that the agency in the same zip code had just invested heavily in. The theory proposed by luminaries like Vivek Kundra was to move to the cloud to share services, reducing cost and improving resilience. FedRAMP was the initiative that established a safe environment for federal cloud use. Companies can comply with regulations outlined in an Authorization to Operate (ATO). Well, fifteen years later, we are seeing the same duplication, not in the application programs but in the process to get the ATO itself. For example, FedRAMP, RMF, and agency internal policies may require specific artifacts to satisfy one or the other. During the interview, Travis Howerton paints the legacy model—static documentation, annual/3-year audits, spreadsheets. His solution is to have AI assist with documentation, which will drastically reduce compliance time; he cites an example of reducing a process from 52 weeks to 356 weeks. RegScale uses OSCAL (XML/YAML/JSON) to auto-generate RMF artifacts and integrate with SIEMs (Splunk, Elastic), Axonius, ServiceNow, and APIs. Howerton understands the limitations of many automated systems and suggests that a human is a key component after the machine language has assembled the data to make the decision.
After a year of talks with industry on how to improve the program, FedRAMP is turning inward. Leaders of the government's cloud security assessment program say they're increasing their engagements with federal agencies and the Office of Management and Budget as they continue to work toward a faster, less costly version of the program, called “FedRAMP 20 X.” But they say they've already made significant improvements, and with a smaller budget. Here's Federal News Network's Jared Serbu with the details.
With FedRAMP 20x and the 2026 Phase 2 pilot, the government is moving toward automation, machine-readable evidence, and collaborative monitoring. We'll explore what these changes mean for SaaS providers and how companies can cut costs and timelines without sacrificing security with Irina Denisenko, CEO of Knox Systems.
Understanding cloud costs can be challenging, but it's essential for maximizing value. In this episode, hosts Lois Houston and Nikita Abraham speak with Oracle Cloud experts David Mills and Tijo Thomas about how Oracle Cloud Infrastructure offers predictable pricing, robust security, and high performance. They also introduce FinOps, a practical approach to tracking and optimizing cloud spending.
Cloud Business Jumpstart: https://mylearn.oracle.com/ou/course/cloud-business-jumpstart/152957
Oracle University Learning Community: https://education.oracle.com/ou-community
LinkedIn: https://www.linkedin.com/showcase/oracle-university/
X: https://x.com/Oracle_Edu
Special thanks to Arijit Ghosh, David Wright, Kris-Ann Nansen, Radhika Banka, and the OU Studio Team for helping us create this episode.
-------------------------------------------------------------
Episode Transcript:
00:00 Welcome to the Oracle University Podcast, the first stop on your cloud journey. During this series of informative podcasts, we'll bring you foundational training on the most popular Oracle technologies. Let's get started!
00:27 Nikita: Welcome back to another episode of the Oracle University Podcast! I'm Nikita Abraham, Team Lead of Editorial Services with Oracle University, and I'm joined by Lois Houston, Director of Communications and Adoption with Customer Success Services.
Lois: Hi everyone! Last week, we talked about how Oracle Cloud Infrastructure brings together developer tools, automation, and AI on a single platform. In today's episode, we're highlighting the real-world impact OCI can have on business outcomes.
00:58 Nikita: And to tell us about this, we have our experts David Mills and Tijo Thomas back with us. David is a Senior Principal PaaS Instructor and Tijo is a Principal OCI Instructor, and they're both from Oracle University. David, let's start with you. What makes Oracle Cloud Infrastructure the trusted choice for organizations across industries like banking, healthcare, retail, and government?
David: It all comes down to one thing. OCI was built for real businesses, not side projects, not hobby apps, not test servers, but mission-critical systems at scale. Most clouds brag about their speed, but OCI is consistently fast, even under pressure. And that's because Oracle built OCI on a non-blocking network and bare metal infrastructure, with dedicated resources and no noisy neighbors. So, whether you're running one application or 1,000, you get predictable, low latency, performance every time as OCI doesn't force you into any specific mold. You want full control? Spin up a virtual machine and configure everything. You need to move fast? Use a managed service like Autonomous Database or Kubernetes. Prefer to build your own containers, functions, APIs, or develop with low code or even no code tools? OCI supports all of it. And it plays nicely with your existing stack—on-prem or in another cloud. OCI adapts to how you already work instead of making you start over.
02:39 Lois: And when it comes to pricing, how does OCI help customers manage costs more effectively?
David: OCI is priced for real business use, not just the flashy low entry number. You only pay for what you use. No overprovisioning, no lock in. Virtual machines can scale up and down automatically. Object storage automatically shifts to a lower cost tier based on frequency of access. Autonomous services don't need babysitting or patching. And unlike some providers, OCI doesn't charge you to get your own data back. It's enterprise grade cloud without enterprise grade sticker shock.
03:26 Lois: Security and flexibility are top priorities for many organizations. How does OCI address those challenges?
David: OCI treats security as a starting point, not an upsell. From the moment you create an account, every tenant is isolated. All data is encrypted. Admin activity is logged and security tools like Cloud Guard are ready to go. And if you need to prove compliance for GDPR, FedRAMP, HIPAA, or more, you're covered. OCI is trusted by the world's most regulated industries. Most companies don't live in one cloud. They've got legacy systems, other cloud providers, and different teams doing different things. OCI is designed to work in hybrid and multi-cloud environments. Connect to your on-prem apps with VPN or FastConnect. Run Oracle workloads in your data center with Cloud@Customer. Interconnect with Azure and Google Cloud or integrate with Amazon. OCI isn't trying to lock you in. It's seeking to meet you where you are and help you modernize without breaking what works.
04:40 Nikita: Can you share an example of a business that's seen measurable results with OCI?
David: A national health care provider was stuck on aging hardware with slow batch processing and manual upgrades. They migrated core patient systems to OCI and used Oracle Autonomous Database for faster, self-managed workloads. They leveraged Oracle Integration to connect legacy electronic health records, OCI FastConnect to keep real-time sync with data in their on-prem systems, and they went from 12-hour downtime windows to zero, from three weeks to launch a feature to three days, and they cut infrastructure cost by 38%. And that's what choosing OCI looks like.
05:37 Are you looking to boost your expertise in enterprise AI? Check out the Oracle AI Agent Studio for Fusion Applications Developers course and professional certification—now available through Oracle University. This course helps you build, customize, and deploy AI Agents for Fusion HCM, SCM, and CX, with hands-on labs and real-world case studies. Ready to set yourself apart with in-demand skills and a professional credential? Learn more and get started today! Visit mylearn.oracle.com for more details.
06:12 Nikita: Welcome back! Tijo, controlling costs while driving innovation is a tough balancing act for many organizations. What are the biggest challenges organizations face when trying to manage and optimize their cloud spending?
Tijo: The first one is unexpected cloud cost. Let's be honest. Cloud bills can be shocking. You think you've got things under control, then the invoice shows up and you realize it is way over the budget. Without real-time visibility, it is quite hard to catch these surprises before they happen. The next one is with waste of resources and inefficiencies. It is quite common to find resources that are just sitting idle, such as unused storage, underutilized CPU, or overprovisioned memory. It may not seem like there is much resource wastage at first, but over time all that is really going to add up. Then there is no clear ownership of cloud spend. It is one of the big problems in cost management. If costs are not clearly tagged to a team or a project, nobody feels responsible, and that makes it really tough to manage or reduce the cloud spend. There are also misaligned priorities across teams, and looking at different teams like finance, they may want to cut the cost while engineering wants to move faster, operations wants everything to be up and running. Every team is doing their best, but without a common approach to cost, it becomes challenging to prioritize tasks. Slow and reactive decision making is another challenge. Most cost issues get identified after the bill is invoiced, and by then the budget has already been spent. Without timely data, it becomes difficult to make real time changes. And then complex, multi-cloud and regional footprint. As businesses grow across regions and with multi-cloud deployment model, tracking where the budget is going gets really tricky. More services means there are more teams and more complexity. Now, all of these challenges have one thing in common. They need a better way to manage cloud cost together. And this is where FinOps comes in.
08:42 Lois: And what exactly is FinOps? How does it address these cloud cost challenges?
Tijo: FinOps stands for financial operations. It is a framework that brings teams like engineering, operations, finance, and beyond to work together so that the cloud spending becomes smarter, more visible, and better aligned towards business goals. And so FinOps is not just a tool, it is a way of working. According to the FinOps Foundation, the FinOps lifecycle happens in three phases: inform, optimize, and operate. The inform phase is about visibility and allocation, which means you gather the cost, usage, and efficiency data in order to forecast and budget. The optimize phase is about rates and usage, and this is where you would take action to optimize or bring efficiencies. And then in operate, you turn those into continuous improvements through policies, trainings, and automation.
09:51 Nikita: Let's unpack FinOps a bit more. Why is understanding your cloud subscription model so fundamental in the Inform phase?
Tijo: Because cost visibility is very important while managing your Oracle Cloud subscription. There are two ways to purchase OCI services. The first one, we refer to it as pay as you go model, which means you pay for what you use, and the second one is called universal credit annual commitment model, where you can purchase a prepaid amount of universal credits, and the prepaid amount will be drawn down based on actual usage. OCI provides a portal called FinOps Hub, where you can easily track how your usage has changed month by month over the past year. Through the Hub, you can monitor whether you have stayed within your credit allocation or not. You will also see how much of your committed credits have been used, how much is left, and when your commitment is set to expire. The next step is to gain visibility or to understand the cost. In Oracle Cloud Infrastructure, this starts with the service called Cost Analysis. OCI Cost Analysis is a service that would help you to filter, group, and visualize your cloud cost in a way that makes sense for your business. You can compare cost over time. You can drill down the cost by services, and track those spending by specific teams or projects. And then finally export detailed reports for finance or leadership reviews. OCI Cost Analysis gives you an interactive, near real-time view of your cloud spending. So you're not just seeing the numbers, you are understanding what is driving them. The next one is about setting up spending limits and this is done through OCI Budgets. For example, the organization can set up a monthly budget for the development team. If their usage, the cloud usage, exceeds 80% of that limit, an alert will be triggered to notify the team. This means you can configure a threshold, send alerts, or even take actions automatically.
12:16 Lois: Tijo, what happens during the Optimize and Operate phases of the FinOps framework?
Tijo: The inform stage was more about awareness. In the optimize phase, you take that data you've collected, and use it to optimize resources and improve efficiency. In OCI, we'll start with Cloud Advisor. OCI Cloud Advisor finds potential inefficiencies in your tenancy, and offers you guided solutions that explain how to address them. The recommendations help you to maximize cost savings. For example, it gives you personalized recommendations like deleting idle resources or resizing compute instances. Secondly, you can identify steps for performance improvements. And finally, enhance high availability and security by suggesting configurations for your cloud resources. In the third phase, operate, it is about making optimization as a routine or continuous improvements, and this is done through incorporating FinOps into your organization. OCI provides cost and usage reports that can automatically generate daily reports. These reports would show detailed usage data for every OCI service that you're using. You can export cost reports in FOCUS format. FOCUS is an industry standard and it stands for FinOps Open Cost and Usage Specification.
13:52 Nikita: And what makes the FOCUS format important for organizations?
Tijo: The format enables the cost data to be consistent. It is well structured, and ready to use with other FinOps tools or dashboards. These reports can also be ingested into Business Intelligence or analytics tools that will help you with better visualizations. Organizing your resources the right way is the key to get more accurate and simplified data. Without a clear structure, your cost data will be too complex. In OCI, this structure starts with your tenancy. Tenancy is your top level OCI account, and it represents the presence of cloud for your entire organization. Next, you have compartments. Compartments help you to break down your cloud environment into logical groups, for example, by department or business unit or projects. Then there are tags, and this is where cost visibility gets more meaningful. Tags allow you to assign custom labels to each resource. Things like environment type, cost center, or the owner name.
15:06 Lois: Some people think cost visibility is a concern mainly for finance teams. What's your perspective on this?
Tijo: Cost visibility should be a shared responsibility, which means it shouldn't just be shared with finance. Engineers, architects, and project owners all need to have access to the cost data that are relevant to them. Because when teams have visibility, they take ownership and that leads to better decisions which are faster, smarter, and more aligned to business goals.
15:42 Nikita: Thank you, David and Tijo, for joining us and sharing your insights.
Lois: If you'd like to learn more, visit mylearn.oracle.com and look for the Cloud Business Jumpstart course. Next week, we'll explore security and compliance in OCI. Until next time, this is Lois Houston…
Nikita: And Nikita Abraham signing off!
16:03 That's all for this episode of the Oracle University Podcast. If you enjoyed listening, please click Subscribe to get all the latest episodes. We'd also love it if you would take a moment to rate and review us on your podcast app. See you again on the next episode of the Oracle University Podcast.
In this episode of FedBiz'5, we break down the late-2025 signals that are already reshaping government contracting in 2026 – and what they really mean for small and mid-sized businesses. From the ongoing FAR overhaul and tightening cybersecurity expectations under CMMC, to FedRAMP 20x, GSA Schedule ordering trends, evolving SBA certification processes, and a more dynamic SAM.gov, the rules of the game aren't changing overnight – but the playing field definitely is. You'll learn how these six trends are showing up in real proposals, registrations, and contract vehicles, why “good enough” boilerplate and outdated profiles are becoming a liability, and how disciplined, low-friction vendors can actually turn this wave of change into an advantage. Whether you're already winning federal work or gearing up for a stronger 2026, this episode will help you focus on the operational tweaks that matter most – so you can stay compliant, stay visible, and stay competitive as the new landscape takes shape.
⬥EPISODE NOTES⬥
Artificial intelligence is reshaping how public health organizations manage data, interpret trends, and support decision-making. In this episode, Sean Martin talks with Jim St. Clair, Vice President of Public Health Systems at a major public health research institute, Altarum, about what AI adoption really looks like across federal, state, and local agencies.
Public health continues to face pressure from shifting budgets, aging infrastructure, and growing expectations around timely reporting. Jim highlights how initiatives launched after the pandemic pushed agencies toward modernized systems, new interoperability standards, and a stronger foundation for automated reporting. Interoperability and data accessibility remain central themes, especially as agencies work to retire manual processes and unify fragmented registries, surveillance systems, and reporting pipelines.
AI enters the picture as a multiplier rather than a replacement. Jim outlines practical use cases that public health agencies can act on now, from community health communication tools and emergency response coordination to predictive analytics for population health. These approaches support faster interpretation of data, targeted outreach to communities, and improved visibility into ongoing health activity.
At the same time, CISOs and security leaders are navigating a new risk environment as agencies explore generative AI, open models, and multi-agent systems. Sean and Jim discuss the importance of applying disciplined data governance, aligning AI with FedRAMP and state-level controls, and ensuring that any model running inside an organization's environment is treated with the same rigor as traditional systems.
The conversation closes with a look at where AI is headed. Jim notes that multi-agent frameworks and smaller, purpose-built models will shape the next wave of public health technology. These systems introduce new opportunities for automation and decision support, but also require thoughtful implementation to ensure trust, reliability, and safety.
This episode presents a realistic, forward-looking view of how AI can strengthen the future of public health and the cybersecurity responsibilities that follow.
⬥GUEST⬥
Jim St. Clair, Vice President, Public Health Systems, Altarum | On LinkedIn: https://www.linkedin.com/in/jimstclair/
⬥HOST⬥
Sean Martin, Co-Founder at ITSPmagazine and Host of Redefining CyberSecurity Podcast | On LinkedIn: https://www.linkedin.com/in/imsmartin/ | Website: https://www.seanmartin.com
As 2025 and the first year of the second Trump administration come to a close, Federal CIO Greg Barbaccia sat down with FedScoop reporter Madison Alder for a wide-ranging interview on the state of federal IT, including critical initiatives like FedRAMP modernization, AI adoption, federal tech talent, the consolidation of federal tech and contracting, what's ahead in 2026, and much more. The Daily Scoop Podcast is available every Monday-Friday afternoon. If you want to hear more of the latest from Washington, subscribe to The Daily Scoop Podcast on Apple Podcasts, Soundcloud, Spotify and YouTube.
Back in 2011, FedRAMP was put together because each federal agency had to conduct its own time-consuming security audit. The idea was to standardize security to reduce costs and accelerate cloud adoption. About ten years later, state leaders saw the same problem. Over the years, they worked out a security guidance package that was released this year. GovRAMP was launched to address many of the same challenges faced by the federal government: to establish a standard that enables transparency, standardization, and community. GovRAMP's framework is based on NIST 800-53 rev5. Tony O'Neil from Massachusetts observed that before GovRAMP, each state had a patchwork of security guidelines. With so much variation across states, a simplified environment could reduce costs and enable leaders to adopt a mindset of investing in people. Today, we sat down with data security experts who detailed how to implement compliance to improve data security. The conversation also covered the importance of continuous monitoring, the role of CSPs in maintaining security, and the necessity of proper resource allocation for cybersecurity professionals.
Bob Friday, Chief AI Officer for HPE Networking, discusses how federal agencies are rethinking network modernization in the face of rising complexity, new security demands, and the accelerating influence of AI. Friday shares what he's hearing from federal IT leaders about their most urgent challenges—cloud migration hurdles, stringent security requirements like FedRAMP and FIPS, and the staffing constraints shaping today's modernization efforts. He also breaks down the technology trends driving HPE's approach, including the shift to real-time AI-ops, the organizational changes required to fully leverage agentic AI, and how HPE's acquisition of Juniper Networks strengthens the push toward a “self-driving network.”
Operating as a small business in government contracting is expensive and competitive. Everyone tells you to "stand out" and "differentiate," but when you're already stretched thin on resources, how do you decide where to invest?
In this co-host episode, Tasha and Yas tackle the real costs and challenges of strategic differentiation. They explore how selling hardware and software products can create new revenue streams (and what compliance hurdles you'll face), examine certifications like CMMC and CMMI that can unlock contract opportunities (and whether the six-figure price tags are worth it), and discuss creative diversification strategies that don't require massive capital investments.
From GSA Schedules and FedRAMP certification to strategic partnerships and niche specialization, this episode delivers an honest conversation about what it takes to compete effectively in today's GovCon market. Whether you're considering your first product line, evaluating whether a certification makes sense for your business stage, or exploring SLED and commercial opportunities, Tasha and Yas provide a practical decision framework to help you invest strategically.
Key topics covered include product sales and the compliance differences between hardware and software, how to prioritize certifications like CMMC, CMMI, ISO, and FedRAMP, and alternative differentiation strategies such as geographic expansion, partnerships, IP development, and niche specialization. They also break down real cost and timeline expectations for each option, along with a clear decision-making framework that highlights green lights and red flags for smart investments. The episode even includes accessible strategies designed specifically for businesses under $5M in revenue.
Whether you're new to the GovCon space or a seasoned professional looking to grow with intention, this episode provides the honest insights you need to make smarter decisions about differentiation and investment.
Perplexity AI, an AI-powered search engine, is ramping up its push for government use, inking a new deal with the General Services Administration to offer its product for just 25 cents per agency. GSA announced the deal with Perplexity on Wednesday, emphasizing that the product will be offered directly through the agency's Multiple Award Schedule rather than through a government reseller, a first-of-its-kind agreement. The move aligns with GSA's OneGov initiative, which aims to work directly with technology vendors to cut prices and streamline contracting. Under the deal, Perplexity's Enterprise Pro for Government will be available on GSA's MAS for a quarter to agencies over an 18-month term. In doing so, Perplexity also received prioritized authorization under FedRAMP, the government's primary security review program that approves cloud-based technologies for federal use. Perplexity is only the second company to do so, joining OpenAI, which received prioritized authorization in September. According to GSA, Perplexity's Enterprise platform was also streamlined through the FedRAMP 20x pilot, which is focused on simplifying the cloud services approval process and reducing the timeline from months to weeks. Perplexity's platform uses large language models from other companies, such as Anthropic's Claude or OpenAI's ChatGPT, to conduct real-time internet searches and generate summaries for users. GSA noted Perplexity's platform has optional connections to common agency systems like Microsoft's OneDrive, Outlook or SharePoint. The Department of Health and Human Services is exploring how artificial intelligence can support caregivers with the launch of a new $2 million prize competition for AI caregiver tools. HHS Secretary Robert F. Kennedy Jr. 
announced the “Caregiver Artificial Intelligence Prize Competition” at an event Tuesday for National Family Caregivers Month, stating the agency is calling on engineers, scientists and entrepreneurs to use AI to “make caregiving smarter, simpler and more humane.” Kennedy said: “Many caregivers work around the clock, 24 hours a day, seven days a week, taking care of their loved ones with lifelong disabilities, dementia or chronic illness. Too many lose their income, their job, their aspirations and ambitions for themselves and even their own health in the process.” The HHS's Administration for Community Living (ACL) emphasized that the direct care workforce is facing increased shortages, leaving family caregivers to fill the void. According to an AARP report published in July, nearly 1 in 4 adults provided ongoing care for an adult or child with a complex medical condition or disability. These caregivers spend, on average, about $7,200 a year in out-of-pocket caregiving expenses, the report found. The competition will seek tools that benefit the professional care workforce or personal caregivers. Developers could be awarded up to $2 million for the products.
WBSRocks: Business Growth with ERP and Digital Transformation
This week's customer experience and marketing technology updates highlight a clear shift toward deeper intelligence, tighter collaboration, and more secure enterprise-grade platforms. CallMiner strengthened its conversational analytics footprint with the acquisition of VOCALLS, while Contentstack expanded its composable ecosystem by launching the new Data and Insights solution. Mosaicx introduced the next generation of its Engage platform, and Salesforce continued its march toward unified workflows by embedding Slack directly into CRM collaboration. In the government and regulated markets, Talkdesk achieved FedRAMP authorization for its CX Cloud Government Edition, signaling a major milestone for secure cloud CX. Meanwhile, Treasure Data rolled out five new AI suites aimed at enhancing customer experiences, Uniphore unveiled a new suite of AI marketing agents, and Zeta Global provided fresh details on its new Zeta Answers offering—collectively reflecting increased innovation and maturity across the CX and martech landscape.
In today's episode, we invited a panel of industry analysts for a live discussion on LinkedIn to analyze current enterprise software stories. We covered a lot of ground, including the direction and roadmaps of each enterprise software vendor. Finally, we analyzed future trends and how they might shape the enterprise software industry.
Video: https://www.youtube.com/watch?v=85vq3s9786E
In this episode of the Global Risk Community podcast, we explore the critical topic of CMMC 2.0 and FedRAMP Compliance and why early action saves contracts. Our host, Boris Agranovich, speaks with Shrav Mehta, founder and CEO of Secureframe, a leader in simplifying compliance processes for businesses. Shrav shares his expert insights on navigating the complex compliance landscape for federal contractors, focusing on CMMC 2.0 requirements and the transformative impact of the new FedRAMP 20x framework. Learn how early action on compliance can save your contracts, streamline workflows, and ensure your organization stays competitive in the defense and federal sectors. We discussed the challenges and costs contractors face with CMMC Level 1 and Level 2 certifications, the differences between FedRAMP and CMMC, and how automation and tools like Secureframe can make compliance more accessible and effective. Shrav also shared his perspective on why prioritizing compliance now is crucial for success in the defense industry.
WBSRocks: Business Growth with ERP and Digital Transformation
The enterprise tech landscape saw a wave of AI-driven advancements this week, with major vendors pushing deeper into intelligent automation and unified customer experiences. Sage introduced its AI-powered Copilot to Sage X3, while Storyblok rolled out two new integrations to strengthen content operations. Workday expanded its ecosystem with a new AI Agent Partner Network and Gateway, and AdDaptive Intelligence broadened its AI-powered advertising platform. In the CX space, CallMiner acquired VOCALLS and Mosaicx launched the next generation of its Engage platform. Contentstack unveiled a new Data and Insights solution, Salesforce embedded Slack for tighter CRM collaboration, and Talkdesk secured FedRAMP authorization for its CX Cloud Government Edition. Rounding out the announcements, Treasure Data released five new AI suites focused on customer experience, Uniphore introduced a suite of AI marketing agents, and Zeta Global shared details on its new Zeta Answers offering—collectively signaling an accelerating shift toward more intelligent, integrated, and automated digital ecosystems.
In today's episode, we invited a panel of industry analysts for a live discussion on LinkedIn to analyze current enterprise software stories. We covered a lot of ground, including the direction and roadmaps of each enterprise software vendor. Finally, we analyzed future trends and how they might shape the enterprise software industry.
Video: https://www.youtube.com/watch?v=iplWl80n90YZhdGlx
Background Soundtrack: Away From You – Mauro Somm
Today, we take a nuanced look at automating cyber risk management. Let's start with ingress of data. Kemp Jennings-Roach from the DoD understands the concept of having a complete inventory of an agency's data. Still, his experience shows that data coming in from multiple missions, potentially with various classifications, can be challenging. Combine that with varying kinds of reporting requirements, and you get a process that can overwhelm even the most experienced individuals. His recommendation is to consider a platform approach that can help normalize data, allowing it to be used in a meaningful way. Matt Goodrich from Diligent expands on some of the benefits of automation. For example, you may have a shortage of talent that can be compensated for with an automated platform. Automation reduces human error and can speed up the time to report. Goodrich makes a great point about summarizing information. The goal of reviewing logs for anomalies is not to create a report, but to increase speed to action. Rather than arbitrarily selecting an automated system, Goodrich suggests looking for tools that can integrate with existing systems and align with compliance frameworks, such as FedRAMP and NIST CSF.
Keywords: cybersecurity, technology, AI, IoT, Intel, startups, security culture, talent development, career advice
Summary: In this episode of No Password Required, host Jack Clabby and Kayleigh Melton engage with Steve Orrin, the federal CTO at Intel, discussing the evolving landscape of cybersecurity, the importance of diverse teams, and the intersection of technology and security. Steve shares insights from his extensive career, including his experiences in the startup scene, the significance of AI and IoT, and the critical blind spots in cybersecurity practices. The conversation also touches on nurturing talent in technology and offers valuable advice for young professionals entering the field.
Takeaways:
IoT is now referred to as the Edge in technology.
Diverse teams bring unique perspectives and solutions.
Experience in cybersecurity is crucial for effective team building.
The startup scene in the 90s was vibrant and innovative.
Understanding both biology and technology can lead to unique career paths.
AI and IoT are integral to modern cybersecurity solutions.
Organizations often overlook the importance of security in early project stages.
Nurturing talent involves giving them interesting projects and autonomy.
Young professionals should understand the hacker mentality to succeed in cybersecurity.
Customer feedback is essential for developing effective security solutions.
Titles:
The Edge of Cybersecurity: Insights from Steve Orrin
Navigating the Intersection of Technology and Security
Sound bites:
"IoT is officially called the Edge."
"We're making mainframe sexy again."
"Surround yourself with people smarter than you."
Chapters:
00:00 Introduction to Cybersecurity and the Edge
01:48 Steve Orrin's Role at Intel
04:51 The Evolution of Security Technology
09:07 The Startup Scene in the 90s
13:00 The Intersection of Biology and Technology
15:52 The Importance of AI and IoT
20:30 Blind Spots in Cybersecurity
25:38 Nurturing Talent in Technology
28:57 Advice for Young Cybersecurity Professionals
32:10 Lifestyle Polygraph: Fun Questions with Steve
First Resonance provides factory orchestration and coordination software for scaling hardware companies. Founded by SpaceX veterans in 2019, the company focused on filling the gap between legacy manufacturing systems and the needs of emerging hard tech startups. In a recent episode of Category Visionaries, we sat down with Karan Talati, CEO & Co-Founder of First Resonance, to learn about the company's journey building Ion—their manufacturing operations platform—and how they're enabling companies scaling from R&D prototypes to production manufacturing across aerospace, defense, nuclear energy, and advanced manufacturing.
Topics Discussed:
Karan's time at SpaceX during hypergrowth (employee 2,000 to 6,000+) and the transition from single rocket design to production operations
Why First Resonance walked away from pursuing legacy aerospace and defense giants
The failed PLG experiment and pivot to enterprise sales with product analytics for expansion
How the "new space" pattern is repeating in nuclear energy and other hard tech verticals
Market expansion from aerospace into nuclear energy over the past three to four years
Advanced manufacturing technology convergence enabling electric aviation (battery density, composite manufacturing, 3D printing)
AI's role in breaking down knowledge silos between mechanical, electrical, and software engineering
Defense contractor security requirements: CMMC, FedRAMP, and NIST 800-171
Brand strategy targeting the new manufacturing workforce versus the retiring old guard
GTM Lessons For B2B Founders:
Kill upmarket plans when your core segment outpaces them: First Resonance planned to move from scale-ups to traditional defense and aviation giants. They didn't execute. Karan found that staying with scaling startups delivered faster growth and higher ROI than "long sales cycles" with customers "averse to modern technology."
The lesson isn't about patience with enterprise—it's about recognizing when your initial segment is expanding faster than you can capture it. If your TAM is growing 40%+ annually from customer expansion alone, moving upmarket is a distraction.
Test PLG fast, kill it faster in multi-stakeholder environments: First Resonance ran a PLG experiment and "quickly learned it does not" work in manufacturing. The buying process involves "centralized, coordinated, orchestrated, many decision makers, many influencers." But they kept the instrumentation. They use "product utilization and usage and engagement" data to "package subsequent value" for renewals and expansion. The tactical move: instrument your product like PLG, sell like enterprise, and use analytics to drive net dollar retention during annual renewals.
Treat cloud service provider status as a wedge, not overhead: As a cloud service provider to defense contractors, First Resonance maintains compliance with CMMC, FedRAMP, and NIST 800-171. Rather than viewing this as a cost center, Karan noted "regulations are getting easier, not harder" and that this is "a benefit to innovators." For B2B founders selling to regulated industries: invest in compliance infrastructure early, monitor regulatory roadmaps (like FedRAMP 20x), and position compliance as a competitive moat when competitors can't move as quickly.
Pattern match your wedge vertical to adjacent disruption: First Resonance saw their aerospace playbook repeat in nuclear energy "literally in the last three, four years." The pattern: legacy incumbents "too big to fail" but "so large and inertial, so hard to move, that startups are going to have to come in and close that gap." When one vertical shows this pattern, adjacent industries with similar incumbent dynamics are expansion candidates. The key signal: former SpaceX/Tesla talent founding companies in that vertical.
Design brand for the incoming generation, not the incumbent buyer: With the old guard "rapidly retiring" and manufacturing becoming "cool," First Resonance built a brand with "bold colors and straight lines" that "combines cybernetic systems with inspiration from the Matrix." Karan explicitly rejected softer design trends: "throw all that out." For technical products in industries with demographic shifts, design for the 30-year-old engineer who will champion your tool, not the 55-year-old executive who signs the contract.
Deepen rather than proliferate when customers expand physically: First Resonance doesn't worry about logo count because their customers are "scaling in terms of factory square footage and the number of teams." Their expansion motion: "observe product analytics and customer signals and package subsequent value" for upselling during renewals. The tactic works because aerospace and energy have "a tailwind of decades." For infrastructure software with usage tied to physical operations: if customers are adding factories or production lines, you don't need new logos—you need seat expansion and module attach.
Federal Tech Podcast: Listen and learn how successful companies get federal contracts
Connect to John Gilroy on LinkedIn https://www.linkedin.com/in/john-gilroy/ Want to listen to other episodes? www.Federaltechpodcast.com
MongoDB has spent years earning a formidable reputation in the developer world; today, we will unpack some of its capabilities for project managers and federal leaders so they can understand where MongoDB may fit in their stack. Conventional wisdom is that MongoDB is a flexible open-source database. Although that is true, this does not do justice to some characteristics that will appeal to the federal audience.
ONE: An agency may have restrictions on where the cloud is not suitable for storage. Because of its ability to use flexible, JSON-like documents, MongoDB has listened to those needs and can have storage in many varying regions. In fact, we have seen a movement to move cloud applications back on premises. MongoDB provides flexibility for working in both hybrid and on-premises environments.
TWO: Most readers have studied encryption and think of it primarily as data at rest. Cloud storage transitions have forced a method where data is encrypted during transit. MongoDB can take encrypted data and search while it remains encrypted. Some will describe encryption at rest, in transit, and now, data in use.
THREE: MongoDB has listened to the federal community and is offering something called MongoDB Atlas for Government. It is a secure, fully managed cloud database service for U.S. Government agencies to modernize applications and oversee sensitive data. During the interview, Ben Cephalo revealed the effort MongoDB is making to serve federal agencies that require FedRAMP high capabilities.
In this episode, I sit down with Mitchel Herckis, Global Head of Government Affairs at cloud security leader Wiz. We will be discussing all things public sector and cybersecurity, including the evolution of the FedRAMP program, modernizing vulnerability management, and the future of Continuous ATO (cATO).
We covered a lot of ground, including:
Mitch's background, both at Wiz and inside Government at roles such as OMB
How Wiz is working with Federal agencies and Defense Industrial Base (DIB) partners on Cloud Security, including the long-needed overhaul of FedRAMP with FedRAMP 20x's efforts.
The move towards real Continuous Monitoring (ConMon) with real-time visibility of cloud environments, as well as the need for machine-readable artifacts, automations, and streamlined security control assessments.
The modernization of vulnerability management, including factors such as attack paths, reachability, exploitability, known exploitation, and the importance of focusing on real risks versus noise.
Moving away from paper-based compliance exercises and bridging the gap between security and compliance.
Wiz's role as a CVE Numbering Authority (CNA) and the broader CVE program, including its importance for both the Government and industry when it comes to vulnerability management.
The evolving usage of SBOMs and broader supply chain security.
Disjointed efforts around the Government at both the Federal and State levels when it comes to Continuous ATO (cATO) and how we can move towards a more cohesive approach to modern system assessment and authorization.
The importance of Government Affairs and bridging the divide between industry and Government, including bringing tech leaders into Government, influencing policy, and improving outcomes for citizens and warfighters alike.
The dual-edged sword that is AI adoption in the public sector.
In this episode of Resilient Cyber, I sit down with Founder & CEO of Paramify, Kenny Scott, to unpack the evolution of the FedRAMP program, FedRAMP 20x, and discuss what public sector cloud compliance looks like moving into the future.
Kenny and I dove into a lot of topics, including:
What FedRAMP is and why it matters
What FedRAMP 20x is and what longstanding challenges associated with FedRAMP and public sector cloud and compliance it is addressing
The various aspects of FedRAMP 20x, including its phased rollout
Changes via FedRAMP 20x when it comes to Key Security Indicators (KSI), and how they differ from “controls”
FedRAMP's modern vulnerability management approach and how it changes from the way vulnerability was historically handled under FedRAMP
The importance of automated assessments, machine-readable artifacts, real Continuous Monitoring (ConMon), and more for practical GRC Engineering
The role of GRC platforms when it comes to modernizing GRC
What are the implications of FedRAMP 20x for other public sector compliance programs, such as DoD's SWFT, SRG, and RMF
With volatility now the norm, security and risk leaders need practical guidance on managing existing spending and new budgetary necessities. Where should they look? Jess Burn, Principal Analyst at Forrester Research, joins Business Security Weekly to discuss Forrester's Budget Planning Guide 2026: Security And Risk. This data-and-insights-driven report provides spending benchmarks and recommendations that will help you budget for an unpredictable near term while enabling the business and mitigating the most critical risks facing your organization. If you're preparing your 2026 budgets, don't miss this interview where you'll learn where to invest, divest, and experiment. From the buzzing floors of BlackHat 2025 in Las Vegas, CyberRisk TV brings you an exclusive sit-down with Danny Jenkins, CEO & Co-Founder of ThreatLocker. In this high-energy interview, host Doug White dives deep into the real-world challenges of FedRAMP compliance, the million-dollar prep lessons, and the critical importance of secure configurations. Danny shares unfiltered insights into Defense Against Misconfigurations — ThreatLocker's new approach that helps organizations lock down endpoints, enforce application control, and spot hidden risks before attackers do. From Russian-made 7Zip to Chinese coupon clippers lurking in browsers, the conversation reveals shocking examples of threats hiding in plain sight. Whether you're a cybersecurity pro, IT leader, or compliance specialist, this interview offers a rare, behind-the-scenes look at the pain, process, and payoff of operating at the highest security standards in the industry. Segment Resources: https://threatlocker.com/platform/defense-against-configuration?utmsource=cyberriskalliance&utmmedium=sponsor&utmcampaign=blackhat25q325&utmcontent=blackhat25&utm_term=podcast This segment is sponsored by ThreatLocker. Visit https://securityweekly.com/threatlockerbh to learn more about them! 
Live from the CyberRisk TV studio at Black Hat 2025 in Las Vegas, host Matt Alderman sits down with Matt Muller, Field CISO at Tines, for a deep-dive into how Security Operations Centers must evolve. From blowing up the outdated tier system to empowering junior analysts with AI, this conversation uncovers the real strategies driving next-gen cyber defense. Muller explains why traditional SOC models create burnout, how AI can flatten team structures, and why measuring the right metrics—like Mean Time to Detect—is critical for success. They tackle the balance of human + AI orchestration, the security challenges of non-human identities, and how to rethink access controls for a machine-augmented future. If you care about SOC transformation, AI-driven security workflows, and cyber resilience at scale, this is the conversation you can't afford to miss. Watch until the end for practical insights you can start applying today in your own security operations. This segment is sponsored by Tines. Visit https://securityweekly.com/tinesbh to learn more about them! Visit https://www.securityweekly.com/bsw for all the latest episodes! Show Notes: https://securityweekly.com/bsw-412
The Cybersecurity and Infrastructure Security Agency (CISA) is facing significant criticism from state and local officials who feel abandoned due to diminishing federal support for critical cybersecurity programs. Many officials are concerned about their increasing reliance on self-driven initiatives, especially after cuts to the Multi-State Information Sharing and Analysis Center, which has been a crucial source of cybersecurity intelligence for over two decades. A recent survey revealed that a substantial portion of state and local governments lack adequate funding for cybersecurity, with 22% allocating no funds and 42% operating with annual budgets of less than $100,000. This situation raises alarms about the potential for increased vulnerability to cyberattacks, particularly from nation-state actors.
In response to the evolving landscape of artificial intelligence, the National Institute of Standards and Technology (NIST) is developing new security guidance aimed at addressing the associated risks. This initiative will clarify how AI interacts with cybersecurity, focusing on securing AI systems, the adversarial use of AI, and leveraging AI to enhance cybersecurity measures. Additionally, a bipartisan bill known as the Validation and Evaluation for Trustworthy Artificial Intelligence Act has been reintroduced in the Senate, aiming to establish guidelines for the responsible development and testing of AI systems. House appropriators are also proposing a significant funding increase for NIST, reflecting a commitment to bolster cybersecurity and innovation.
The Federal Risk and Authorization Management Program (FedRAMP) has made strides in streamlining the approval process for government cloud services, achieving a significant reduction in wait times from over a year to approximately five weeks.
This shift is part of a broader trend toward more efficient cloud authorization processes, with FedRAMP already approving more than twice as many services in fiscal year 2025 compared to the previous year. This development presents an opportunity for businesses to leverage FedRAMP-authorized stacks for government-related buyers and to build migration strategies accordingly.
OpenAI has recently updated its ChatGPT platform, introducing new models and third-party tool connectors while facing scrutiny over the performance and security of its latest model, GPT-5. Despite the introduction of various user-focused options, security assessments have revealed significant vulnerabilities in GPT-5, prompting concerns about its safety and reliability. As companies like ConnectWise implement new credit card surcharges and adjust their workforce in response to market demands, the overarching theme emphasizes the need for operational discipline and strategic planning in navigating the evolving technology landscape.
Four things to know today
00:00 Shrinking Cyber Budgets, Emerging AI Rules, and Streamlined FedRAMP Signal Shifts for IT Providers
06:43 From Security to SaaS Management, Vendors Roll Out Agentic Features for IT Service Providers
10:25 OpenAI Expands GPT-5 Options, Adds Connectors, but Faces Early Security Backlash
13:41 ConnectWise Adds Credit Card Surcharges, Trims Staff in Strategic Realignment